Stockholm Waterfront 25-26 november 2019

OpenDNSSEC 1.0.0 has been released

OpenDNSSEC is delivered free, is open-source and offers more flexibility and control than other software tools. The objective is to simplify for web hosting companies, Internet services operators, name server operators and top-level domains to deploy secure DNS (DNSSEC).

OpenDNSSEC has been available as a beta version for a period of time, but we are now proud to present version 1.0.0. The testing period has ensured that the software is ready for deployment in production environments.

Flexible configuration options give control

This last year a number of other free tools and commercial software products for DNSSEC have been developed. The major advantages with OpenDNSSEC are, among other things, that it is both easy to use and offer very flexible configuration options. You can choose an extremely high level of automation using a standard configuration, but users can also take charge themselves and customize their configuration to fit their own needs.

Can be integrated in commercial applications

Furthermore, OpenDNSSEC is supplied with a license that gives a green light to suppliers of commercial products who want to utilize the open source code and include it in their software, without having to open up their own code. The developers of OpenDNSSEC are aiming to spread the use of DNSSEC as much as possible.

Deployment

We know that many top-level domains are now evaluating OpenDNSSEC for use in their own organization. Both .SE and Nominet (.uk) are planning to deploy it real soon and others will follow.

Who is behind OpenDNSSEC?

OpenDNSSEC has been developed in an international co-operation project with several participants. The most important ones are: .SE, Nominet , SIDN, NLnet Labs, SURFnet , and Kirei .

Future development

OpenDNSSEC 1.0 is somewhat limited regarding optimal performance for very large zones or if you want to sign a large number of zones. The will be fixed in future releases. Firstly we have version 1.1 in March, which will have improved performance (do sorting, signing, and policy handling faster) and better possibility to integrate with other software (e.g. for registrars that want to automatically send the public key up to its parent). Secondly we have version 2.0, which will include e.g. IXFR with dynamic updates and improved codebase.  You can read more in our release plan.

The installation process will be easier once OpenDNSSEC gets package for the different unix distributions. We are currently in contact with Debian, Ubuntu, NetBSD, FreeBSD, and Gentoo.

How you get started

Start by going to our web page: www.opendnssec.org. Have a look around and read the documentation. Download and install the OpenDNSSEC 1.0.0, get the SoftHSM or any other HSM up and running, configure OpenDNSSEC, sign your zone, and finally present it to the world by loading your zone into your name server. And if your TLD is DNSSEC enabled, then don’t forget to upload your public key.