Multiple DNS implementations vulnerable to cache poisoning

aside from just getting some cctlds signed, i will be interested in the
tools, usability, work flow, ... i.e. what is it like for a poor
innocent cctld which wants to sign their zone?

If there is sufficient interest, we could do a bar bof to describe some of
the tools IANA has...

> I think Sandy Murphy or other Sparta folks have presented some of the
> work they've done on this... Perhaps finding one/some of them and
> having a more operations focused presentation in LAX or ... is a good
> idea as well?

The tools that Sparta developed (and made freely available via an open
source packaged that is BSD licensed) can be found at . In particular, signing a zone is

yup, and that's helpful stuff.

Great, we're trying to provide tools that will help with the deployment and
operation of DNSSEC. We also try to keep a listing of all the 'pieces'
that we know about that could be helpful to folks who want to deploy and
use DNSSEC in various ways whether they are operating a signed zone,
running a validating resolver or wanting DNSSEC-aware applications. The url
for the listing is:

We provide the listing as community resource and try to keep it reasonably
current. But we are always on the lookout for additional information (&
corrections) to the list - if you have any, please let me know.


All for free. Don't you hate those ??biased??, freely-available,
source-code-supplied-so-you-can-change-it, BSD-licensed open source

I like free... as long as it's the hammer I need for the nails I have.


We don't try to keep track of things in the listing by whether they or free
or not but I know a lot of them have typical open source type of licenses.