FS#20325 - DNSSEC: Add DNS validation support to ArchLinux
Attached to Project:
Arch Linux
Opened by Tomas Mudrunka (harvie) - Friday, 30 July 2010, 14:52 GMT
Last edited by Roman Kyrylych (Romashka) - Thursday, 04 November 2010, 18:28 GMT
Opened by Tomas Mudrunka (harvie) - Friday, 30 July 2010, 14:52 GMT
Last edited by Roman Kyrylych (Romashka) - Thursday, 04 November 2010, 18:28 GMT
|
Details
Description: DNSSEC is up and working on internet but
ArchLinux still have no support for it.
Adding following things are good start: * dnssec-tools package: https://www.dnssec-tools.org/ * dnssec-tools patch for OpenSSH (SSHFP - makes SSH 100% secure): http://www.dnssec-tools.org/readme/README.ssh * dnssec-tools patch for postfix (fight spam and frauds): https://www.dnssec-tools.org/wiki/index.php/Postfix * other dnssec-tools components: https://www.dnssec-tools.org/wiki/index.php/DNSSEC-Tools_Components * Firefox * jabberd * Thunderbird * lftp * wget * proftpd * Sendmail * LibSPF * ncftp |
This task depends upon
Closed by Roman Kyrylych (Romashka)
Thursday, 04 November 2010, 18:28 GMT
Reason for closing: Won't implement
Additional comments about closing: this is an area that AUR is for
Thursday, 04 November 2010, 18:28 GMT
Reason for closing: Won't implement
Additional comments about closing: this is an area that AUR is for
wonder: well. it's not good idea to patch openssh with some unt(ru|e)sted patches. but package with dnssec-tools libraries would be great beginning.
(it's not reliably secure at this time... i am still working on it...)
and official support of ldns and dnssec-tools packages seems to be very good platform to start development.
dnssec-root-zone-trust-anchors: http://aur.archlinux.org/packages.php?ID=39315
Another package that is really needed if we want to start doing something...
Then we can use libval-shim from that package to enable DNSSEC for most applications using LD_PRELOAD and other improvements towards deeper DNSSEC support should be simple and can follow very soon.