summaryrefslogtreecommitdiffstats
path: root/contrib/bind/doc/secure/readme.txt
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/bind/doc/secure/readme.txt')
-rw-r--r--contrib/bind/doc/secure/readme.txt93
1 files changed, 93 insertions, 0 deletions
diff --git a/contrib/bind/doc/secure/readme.txt b/contrib/bind/doc/secure/readme.txt
new file mode 100644
index 0000000..d7b422a
--- /dev/null
+++ b/contrib/bind/doc/secure/readme.txt
@@ -0,0 +1,93 @@
+
+ Secure DNS (TIS/DNSSEC)
+ September 1996
+
+Copyright (C) 1995,1996 Trusted Information Systems, Incorporated
+
+Trusted Information Systems, Inc. has received approval from the
+United States Government for export and reexport of TIS/DNSSEC
+software from the United States of America under the provisions of
+the Export Administration Regulations (EAR) General Software Note
+(GSN) license exception for mass market software. Under the
+provisions of this license, this software may be exported or
+reexported to all destinations except for the embargoed countries of
+Cuba, Iran, Iraq, Libya, North Korea, Sudan and Syria. Any export
+or reexport of TIS/DNSSEC software to the embargoed countries
+requires additional, specific licensing approval from the United
+States Government.
+
+Trusted Information Systems, Inc., is pleased to
+provide a reference implementation of the secure Domain Name System
+(TIS/DNSSEC). In order to foster acceptance of secure DNS and provide
+the community with a usable, working version of this technology,
+TIS/DNSSEC is being made available for broad use on the following basis.
+
+- Trusted Information Systems makes no representation about the
+ suitability of this software for any purpose. It is provided "as is"
+ without express or implied warranty.
+
+- TIS/DNSSEC is distributed in source code form, with all modules written
+ in the C programming language. It runs on many UNIX derived platforms
+ and is integrated with the Bind implementation of the DNS protocol.
+
+- This beta version of TIS/DNSSEC may be used, copied, and modified for
+ testing and evaluation purposes without fee during the beta test
+ period, provided that this notice appears in supporting documentation
+ and is retained in all software modules in which it appears. Any other
+ use requires specific, written prior permission from Trusted Information
+ Systems.
+
+TIS maintains the email distribution list dns-security@tis.com for
+discussion of secure DNS. To join, send email to
+ dns-security-request@tis.com.
+
+TIS/DNSSEC technical questions and bug reports should be addressed to
+ dns-security@tis.com.
+
+To reach the maintainers of TIS/DNSSEC send mail to
+ tisdnssec-support@tis.com
+
+TIS/DNSSEC is a product of Trusted Information Systems, Inc.
+
+This is an beta version of Bind with secure DNS extensions it uses
+RSAREF which you must obtain separately.
+
+Implemented and tested in this version:
+ Portable key storage format.
+ Improved authentication API
+ Support for using different authentication packages.
+ All Security RRs including KEY SIG, NXT, and support for wild cards
+ tool for generating KEYs
+ tool for signing RRs in boot files
+ verification of RRs on load
+ verification of RRs over the wire
+ transmission of SIG RRs
+ returns NXT when name and/or type does not exist
+ storage of NXT, KEY, and SIG RRs with CNAME RR
+ AD/ID bits added to header and setting of these bits
+ key storage and retrieval
+ dig and nslookup can display new header bits and RRs
+ AXFR signature RR
+ keyfile directive
+ $SIGNER directive (to turn on and off signing)
+ adding KEY to answers with NS or SOA
+ SOA sequence numbers are now set each time zone is signed
+ SIG AXFR ignores label count of names
+ generation and inclusion of .PARENT files
+ Returns only one NXT at delegation points unless two are required
+ Expired SIG records are now returned in response to query
+
+Implemented but not fully tested:
+
+Known bugs:
+
+Not implemented:
+ ROUND_ROBIN behaviour
+ zone transfer in SIG(AXFR) sort order.
+ transaction SIGs
+ verification in resolver. (stub resolvers must trust local servers
+ resolver library is to low level to implement security)
+ knowing when to trust the AD bit in responses
+
+Read files INSTALL_SEC and USAGE_SEC for installation and user
+instructions, respectively.
OpenPOWER on IntegriCloud