DNSSEC Walker is a tool to recover DNS zone files using the DNS protocol. The server does not have to support zone transfers, but the zone must contain DNSSEC "NXT" or "NSEC" records. Optionally, it can also verify DNSSEC signatures on the RRsets within the zone.
| Tags | Internet DNS Security Utilities Systems Administration |
|---|---|
| Licenses | Freeware GPL |
| Operating Systems | POSIX |
| Implementation | Perl |
Recent releases


Changes: It is now able to verify more than one signature per owner name, and also prints which key tag was used for verification. The parameter -x has been added to enable EDNS.0 DNSSEC when retrieving SIG/RRSIG types, because some servers don't return those records otherwise.


Changes: Support for an optional "startname" parameter was added; it is used to specify which owner name to start walking on, which is useful when interrupted halfway through a big zone.


Changes: Verifying signatures (the -y parameter) in zones that have multiple online keys now works. This makes it possible to verify signatures in ".se", the world's first ccTLD that uses DNSSEC in the real zone.


Changes: This release adds bugfixes and improved output.


Changes: Support was added for RRSIG/DNSKEY (as well as old-style SIG/KEY). The -n parameter now enables non-recursiveness for everything. Output was improved.