{
"info": {
"author": "Axel Rau",
"author_email": "axel.rau@chaos1.de",
"bugtrack_url": null,
"classifiers": [
"Development Status :: 4 - Beta",
"Environment :: Console",
"Intended Audience :: System Administrators",
"License :: OSI Approved :: GNU General Public License (GPL)",
"Natural Language :: English",
"Operating System :: POSIX",
"Programming Language :: Python :: 3",
"Programming Language :: Python :: 3.6",
"Programming Language :: Python :: 3.7",
"Programming Language :: Python :: 3 :: Only",
"Topic :: Internet",
"Topic :: Security :: Cryptography"
],
"description": "DSKM DNSsec Key Management\n \n Copyright (c) 2012-2019 Axel Rau, axel.rau@chaos1.de\n\nThis program is free software: you can redistribute it and/or modify\nit under the terms of the GNU General Public License as published by\nthe Free Software Foundation, either version 3 of the License, or\n(at your option) any later version.\n\nThis program is distributed in the hope that it will be useful,\nbut WITHOUT ANY WARRANTY; without even the implied warranty of\nMERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\nGNU General Public License for more details.\n\nYou should have received a copy of the GNU General Public License\nalong with this program. If not, see .\n\n\nPurpose:\n DNSsec key management add-on to ISC bind 9.9.x for zones with\n auto-dnssec maintain;\n inline-signing yes;\n .Creates and deletes keys, submits delegation signer (DS) resource records\n or public DNSKEYs to parent.\n Zones may be local, public or reverse (IP4 or IP6).\n\nRequirements:\n bind 9.12+ http://www.isc.org/software/bind\n python 3.6+\n pycryptodome pypi.org\n ecdsa pypi.org\n dnspython pypi.org, http://www.dnspython.org/\n script http://lamb.cc/script/ (must be installed manually)\n\nInstallation:\n Optionally create a virtual environment.\n Download the script package from http://lamb.cc/script/,\n extract it to /usr/local/src and install it as\n pip install /usr/local/src/script-1.7.2\n Then install DSKM as\n pip install DSKM\n \n After installation of the required software, query usage of the main program\n at top level::\n \n # operate_dskm -h\n Usage: operate_dskm [options]\n \n DSKM DNSsec Key Management Do maintenace of DNSsec keys. Create and delete\n them as necessary. Submit/cancle DS-RR to/at parent registrar.\n \n Options:\n -h, --help show this help message and exit\n -c, --cron Run as cronjob. Each run increments timeout timer.\n -S STOPSIGNINGOFZONE, --stopSigningOfZone=STOPSIGNINGOFZONE\n Initiate procedure to make a zone unsigned. Argument\n is zone name.\n -f, --force Force deletion of keys (ignore delete time) while\n stopping signing of zone.\n -r, --registrar_status\n Query list of completed and pending requests of all\n registrars and terminate.\n -p, --purge_all_registrar_completion_info\n Purge all completion info of completed and pending\n requests of all registrars and terminate.\n -q QUERY_STATUS, --query_status=QUERY_STATUS\n Give detailed registrar result status about .\n -t, --test_registrar_DS_submission\n Delete and re-submit current DS-RR to registrar.\n -n, --dry-run Do not really change any data at registrar with\n --test_registrar_DS_submission.\n -d, --debug Turn on debugging.\n -v, --verbose Be more verbose.\n \n Configuration:\n \n named.conf DSKM requires all managed zones to share a common root.\n There is one directory per zone, which contains zone file,\n keys, bind journal files and DSKM config and status files, e.g.:\n /var/named/master/signed/example.com\n /var/named/master/signed/sub.example.com\n Corresponding named.conf fragments could look like:\n options {\n dnssec-enable yes;\n dnssec-validation yes;\n directory \"/var/named\";\n ...\n }\n \n zone \"example.com\" IN {\n type master;\n file \"master/signed/example.com/example.com.zone\";\n key-directory \"master/signed/example.com/\";\n auto-dnssec maintain;\n inline-signing yes;\n allow-query {\n any;\n };\n };\n \n zone \"sub.example.com\" IN {\n type master;\n file \"master/signed/sub.example.com/sub.example.com.zone\";\n key-directory \"master/signed/sub.example.com/\";\n auto-dnssec maintain;\n inline-signing yes;\n allow-query {\n any;\n };\n };\n \n zone file In case you have a local subdomain, insert something like\n sub IN NS localhost.\n $include \"master/signed/example.com/sub.example.com.ds\"\n The included file must be empty (will be updated by DSKM).\n Local domain, means an internal domain with local trust anchor\n (\"Registrar = Local\" in example.com/dnssec-stat-example.com - see below)\n \n $VIRTUAL_ENV/etcdskm_conf.py or /usr/local/etc/dskm_conf.py:\n \n Please review the DSKM config file carefully:\n master\n A list of IPs where the (hidden) master may be reached by the script\n external_secondaries\n A list of NS addresses of your public secondaries\n external_recursives\n A list of NS addresses of public, validating NS\n registrar\n Dict of dicts with account data, one per registrar.\n Initially implemented is\n Joker for Joker.com see http://www.joker.com and\n Ripe (not really a registrar, but European\n Regional Internet Registry)\n (Names must be written literally as above)\n sender, recipients, mailRelay for alarming mails, if run as cron job.\n ROOT_PATH\n root of zone directories\n \n The other timing and crypto constants should be self explaining.\n\t\tThe key timing constants are 'sticky': Changing them in DSKM/conf.py\n\t\tdoes not affect active zones.\n\t\tThe secure way to apply changed timing data to active zones would be\n\t\tto stop signing and start over with a vanilla conf file ( see below).\n \n example.com/dnssec-conf-example.com\n If you run the script with an empty zone directory (example.com),\n it creates 2 files there:\n example.com/dnssec-conf-example.com\n example.com/dnssec-stat-example.com\n You must then put the zone file there and edit the dnssec-conf-*\n file, which initial content is:\n {\n \"Registrar\": \"Local\", \n \"Method\": \"unsigned\"\n }\n 'Registrar' may be one of 'Local', 'by hand', 'Joker' or 'Ripe'.\n \t'Local' is zone with local trust anchor (private net etc.)\n \t'by hand' is zone for which handover of DS-RR/DNSKEY-RR to\n \t\tparent is done by human on behalf of an email sent by DSKM.\n 'Method must be changed to 'NSEC' (currently only).\n If you then run the script, it will create the initial keys and\n named will start signing the zone:\n # operate_dskm -v\n [Scanning /var/named/master/signed]\n [Working at 2012-05-31T15:01:33.932455 on example.com (com )]\n Generating key pair..............+++ ...........+++ \n [Key Kexample.com.+008+26482.key created.]\n [example.com/KSK/26482/-1(A:2012-05-31T15:01:33, I:2012-06-02T15:01:33, D:2012-06-03T15:01:33)]\n Generating key pair.....................++++++ .............++++++ \n [Key Kexample.com.+008+27330.key created.]\n [example.com/ZSK/27330/-1(A:2012-05-31T15:01:34, I:2012-06-01T15:01:34, D:2012-06-02T15:01:34)]\n [State transition of example.com/KSK from -1 to 0(KSK1 created) after 0 retries]\n [State transition of example.com/ZSK from -1 to 0(ZSK1 created) after 0 retries]\n # \n Debug- and informal messages are in square brackets, warnings start with '%' and\n errors start with '?'.\n The 3 timestamps per key are Active (start signing with this key), \n Inactive(stop using this key for sigs) and Delete (remove key from DNSKEY rset).\n \n crontab: Something like\n # hourly DNSsec key maintenance\n 55 * * * * root /usr/local/bin/python3 \\\n /usr/local/cronscripts/dnssec_key_maintenance.py \\\n -v -c >>/var/log/DSKM/dnssec_key_maintenance.log >&1\n will do.",
"description_content_type": "text/markdown",
"docs_url": null,
"download_url": "",
"downloads": {
"last_day": -1,
"last_month": -1,
"last_week": -1
},
"home_page": "https://github.com/mc3/DSKM",
"keywords": "",
"license": "GPLv3",
"maintainer": "",
"maintainer_email": "",
"name": "DSKM",
"package_url": "https://pypi.org/project/DSKM/",
"platform": "",
"project_url": "https://pypi.org/project/DSKM/",
"project_urls": {
"Homepage": "https://github.com/mc3/DSKM"
},
"release_url": "https://pypi.org/project/DSKM/0.9.0/",
"requires_dist": null,
"requires_python": "",
"summary": "DNSsec key management",
"version": "0.9.0"
},
"last_serial": 4918852,
"releases": {
"0.9.0": [
{
"comment_text": "",
"digests": {
"md5": "cbe2c8e37c3477480960c87fc1aecf14",
"sha256": "d471a26f13a2a9fce89d83c74abc9f5761fe5251093888c7da3417ef232d56bb"
},
"downloads": -1,
"filename": "DSKM-0.9.0.tar.gz",
"has_sig": false,
"md5_digest": "cbe2c8e37c3477480960c87fc1aecf14",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 29553,
"upload_time": "2019-03-09T14:30:01",
"url": "https://files.pythonhosted.org/packages/fb/97/08d69a401dbde93c39463ca48c22574cb63deb0ada6d24d356b6d334fbb5/DSKM-0.9.0.tar.gz"
}
]
},
"urls": [
{
"comment_text": "",
"digests": {
"md5": "cbe2c8e37c3477480960c87fc1aecf14",
"sha256": "d471a26f13a2a9fce89d83c74abc9f5761fe5251093888c7da3417ef232d56bb"
},
"downloads": -1,
"filename": "DSKM-0.9.0.tar.gz",
"has_sig": false,
"md5_digest": "cbe2c8e37c3477480960c87fc1aecf14",
"packagetype": "sdist",
"python_version": "source",
"requires_python": null,
"size": 29553,
"upload_time": "2019-03-09T14:30:01",
"url": "https://files.pythonhosted.org/packages/fb/97/08d69a401dbde93c39463ca48c22574cb63deb0ada6d24d356b6d334fbb5/DSKM-0.9.0.tar.gz"
}
]
}