3

I'm trying to DNSSEC Sign a RRSET, however I am not able finding any references to how to do so using DNSPython. Yes it has dns.dnssec.validate_rrsig(), but I want to DNSSEC sign a rrset, how can this be done?

I've been pooring over the RFC's however I'm obviously lacking something in order to make it work.

user869887
  • 31
  • 1

1 Answers1

0

Do you really have to do it with DNSPython? Is this a custom name server?

The typical way you normally do it (with bind, for example) is by pre-signing the zone file. The DNSSEC RRSIG does not have any dependency on the connection parameters so we don't really have to do on-the-fly signing. Also, things like NSEC would be easier to handle if you pre-sign.

jman
  • 11,334
  • 5
  • 39
  • 61
  • 1
    Yes this is a custom name server application. But more generally I would like to know the process of signing DNS data. I have read the related RFC's but it still doesn't appear to be working in the end. – user869887 Aug 01 '11 at 12:49