user869887
Reputation: 31
DNSSEC Sign RRSET using DNSPython
I'm trying to DNSSEC Sign a RRSET, however I am not able finding any references to how to do so using DNSPython. Yes it has dns.dnssec.validate_rrsig(), but I want to DNSSEC sign a rrset, how can this be done?
I've been pooring over the RFC's however I'm obviously lacking something in order to make it work.
Upvotes: 3
Views: 1006
Answers (1)
jman
Reputation: 11596
Do you really have to do it with DNSPython? Is this a custom name server?
The typical way you normally do it (with bind, for example) is by pre-signing the zone file. The DNSSEC RRSIG does not have any dependency on the connection parameters so we don't really have to do on-the-fly signing. Also, things like NSEC would be easier to handle if you pre-sign.
Upvotes: 0
Related Questions
- Why is dnspython giving me this error?
- Reading DNS packet in python
- Programmatically check if domains are DNSSEC protected
- Create RSA SHA-256 (DNSSEC valid) keys?
- Python + DNS : Cannot get RRSIG records: No Answer
- How do I see if a domain uses DNSSEC
- DNSSEC using dnspython error: AttributeError: 'NS' object has no attribute 'is_absolute'
- How to add reverse IP record by using DNSPython
- Query reverse dns lookups with dnspython
- Custom DNS Server with Python