What is the status of DNSSEC being added to Fedora and Red Hat Linux? What changes have already been made? What changes will occur in the future? What tools are available to help?
At the recent ICANN45 DNSSEC Deployment Workshop, Paul Wouters from Red Hat spoke about integrating DNSSEC into Linux. Paul’s slides are available for download and a video of the entire workshop is available from the main page.
In the presentation, Paul talks about the difference between Fedora and Red Hat Linux and then dives into what needed to be modified to support DNSSEC. He provides some insight into their experiences using DNSSEC in different configurations and with different tools.
Paul also spoke about support for the DANE protocol to use DNSSEC to validate SSL/TLS certificates and in particular his TLSA Validator add-on for the Firefox browser and his “hash-slinger” tool that generates TLSA records. Both tools are available at his site at:
It was a great presentation to hear, and Paul is very active within the DNSSEC community working on tools such as these to help get DNSSEC further deployed. It is well worth some time checking out his tools.