Dan Kaminsky DNSSEC Tool - Zero Configuration DNSSEC Proxy
Phreebird is a DNSSEC proxy that operates in front of an existing DNS server (BIND, Unbound, PowerDNS, Microsoft DNS, QIP) and supplements its records with DNSSEC responses.
Features of Phreebird include:
- Automatic key generation
- Realtime record signing -- no "batch signing"
- Support for arbitrary responses
- Zero configuration, even for multiple zones (all zones share the same key)
- Support for realtime generation of NSEC3 records, a.k.a. "NSEC3 White Lies"
- Caching of signed answers with a maximum bound on how large the cache can get
- Rate limiting for NSEC3 responses
- Experimental Support for "time.arpa" Coarse Time over DNS
- Experimental Support for "HTTP Virtual Channel" DNS over HTTP
Slideshare: Introducing the Domain Key Infrastructure
Download Phreebird Suite 1.01