Here is a provisional roadmap for the upcoming releases of YADIFA. Click on the links for a listing of the key features included in each release.
Supported operating systems
- MacOS X
- Linux (Debian, CentOS, Arch, ...)
- *BSD (FreeBSD)
- Solaris
Functionality
- authoritative name server
- DNS UPDATE
- DNS NOTIFY
- AXFR
- IXFR
- full featured client (yadifa), which can be used to control the server
- key management, including a tool to generate dnssec keys
- multi-master support
- support for other network models
- detect and configure hyperthreading
- support for openssl 1.1.0 API
- new database
-
Mechanisms implemented for DNSSEC
- re-signing zone file
- fully automated signing of zones and key-roll over
Directives and special constructs
- TTL
- ORIGIN
- *(wildcard)
- @ (in zone file)
Resource Record types
Type Value Supported References A 1 Y [RFC1035] NS 2 Y [RFC1035] MD 3 Y [RFC1035] MF 4 Y [RFC1035] CNAME 5 Y [RFC1035] SOA 6 Y [RFC1035] MB 7 Y [RFC1035] MG 8 Y [RFC1035] MR 9 Y [RFC1035] WKS 11 Y [RFC1035] PTR 12 Y [RFC1035] HINFO 13 Y [RFC1035] MX 15 Y [RFC1035] TXT 16 Y [RFC1035] AAAA 28 Y [RFC3596] SRV 33 Y [RFC2782] NAPTR 35 Y [RFC2915][RFC2168][RFC3403] DS 43 Y [RFC4034][RFC3658] SSHFP 44 Y [RFC4255] RRSIG 46 Y [RFC4034][RFC3755] NSEC 47 Y [RFC4034][RFC3755] DNSKEY 48 Y [RFC4034][RFC3755] NSEC3 50 Y [RFC5155] NSEC3PARAM 51 Y [RFC5155] TLSA 52 Y [RFC6698] Algorithms implemented
- RSA
- DSA
- ECDSA
Value Algorithm [Mnemonic] Zone Signing References Status 3 DSA y [RFC3755][RFC2536] OPTIONAL 5 RSASHA1 y [RFC3110][RFC4034] MANDATORY 6 DSA-NSEC3-SHA1 y [RFC5155] OPTIONAL 7 RSASHA1-NSEC3-SHA1 y [RFC5155] MANDATORY 8 RSASHA256 y [RFC5702] - 10 RSASHA512 y [RFC5702] - 13 ECDSAP256SHA256 y [RFC6605] - 14 ECDSAP384SHA384 y [RFC6605] -
Supported operating systems
- MacOS X
- Linux (Debian, CentOS, Arch, ...)
- *BSD (FreeBSD)
- Solaris
Functionality
- authoritative name server
- DNS UPDATE
- DNS NOTIFY
- AXFR
- IXFR
- full featured client (yadifa), which can be used to control the server
- key management, including a tool to generate dnssec keys
- multi-master support
- support for other network models
- detect and configure hyperthreading
- support for openssl 1.1.0 API
- specify source address
- allow signing with zone signing keys only
-
Mechanisms implemented for DNSSEC
- re-signing zone file
- fully automated signing of zones and key-roll over
Directives and special constructs
- TTL
- ORIGIN
- *(wildcard)
- @ (in zone file)
Resource Record types
Type Value Supported References A 1 Y [RFC1035] NS 2 Y [RFC1035] MD 3 Y [RFC1035] MF 4 Y [RFC1035] CNAME 5 Y [RFC1035] SOA 6 Y [RFC1035] MB 7 Y [RFC1035] MG 8 Y [RFC1035] MR 9 Y [RFC1035] WKS 11 Y [RFC1035] PTR 12 Y [RFC1035] HINFO 13 Y [RFC1035] MX 15 Y [RFC1035] TXT 16 Y [RFC1035] AAAA 28 Y [RFC3596] SRV 33 Y [RFC2782] NAPTR 35 Y [RFC2915][RFC2168][RFC3403] DS 43 Y [RFC4034][RFC3658] SSHFP 44 Y [RFC4255] RRSIG 46 Y [RFC4034][RFC3755] NSEC 47 Y [RFC4034][RFC3755] DNSKEY 48 Y [RFC4034][RFC3755] NSEC3 50 Y [RFC5155] NSEC3PARAM 51 Y [RFC5155] TLSA 52 Y [RFC6698] Algorithms implemented
- RSA
- DSA
- ECDSA
Value Algorithm [Mnemonic] Zone Signing References Status 3 DSA y [RFC3755][RFC2536] OPTIONAL 5 RSASHA1 y [RFC3110][RFC4034] MANDATORY 6 DSA-NSEC3-SHA1 y [RFC5155] OPTIONAL 7 RSASHA1-NSEC3-SHA1 y [RFC5155] MANDATORY 8 RSASHA256 y [RFC5702] - 10 RSASHA512 y [RFC5702] - 13 ECDSAP256SHA256 y [RFC6605] - 14 ECDSAP384SHA384 y [RFC6605] -
Supported operating systems
- MacOS X
- Linux (Debian, CentOS, Arch, ...)
- *BSD (OpenBSD, FreeBSD)
- Solaris
Functionality
- authoritative name server
- DNS UPDATE
- DNS NOTIFY
- AXFR
- IXFR
- full featured client (yadifa), which can be used to control the server
- key management, including a tool to generate dnssec keys
- multi-master support
- support for other network models
- detect and configure hyperthreading
- support for openssl 1.1.0 API
- re-implementation of configuration
- re-signing zone file
- fully automated signing of zones and key-roll over
- TTL
- ORIGIN
- *(wildcard)
- @ (in zone file)
- RSA
- DSA
- ECDSA
Mechanisms implemented for DNSSEC
Directives and special constructs
Resource Record types
| Type | Value | Supported | References |
|---|---|---|---|
| A | 1 | Y | [RFC1035] |
| NS | 2 | Y | [RFC1035] |
| MD | 3 | Y | [RFC1035] |
| MF | 4 | Y | [RFC1035] |
| CNAME | 5 | Y | [RFC1035] |
| SOA | 6 | Y | [RFC1035] |
| MB | 7 | Y | [RFC1035] |
| MG | 8 | Y | [RFC1035] |
| MR | 9 | Y | [RFC1035] |
| WKS | 11 | Y | [RFC1035] |
| PTR | 12 | Y | [RFC1035] |
| HINFO | 13 | Y | [RFC1035] |
| MX | 15 | Y | [RFC1035] |
| TXT | 16 | Y | [RFC1035] |
| AAAA | 28 | Y | [RFC3596] |
| SRV | 33 | Y | [RFC2782] |
| NAPTR | 35 | Y | [RFC2915][RFC2168][RFC3403] |
| DS | 43 | Y | [RFC4034][RFC3658] |
| SSHFP | 44 | Y | [RFC4255] |
| RRSIG | 46 | Y | [RFC4034][RFC3755] |
| NSEC | 47 | Y | [RFC4034][RFC3755] |
| DNSKEY | 48 | Y | [RFC4034][RFC3755] |
| NSEC3 | 50 | Y | [RFC5155] |
| NSEC3PARAM | 51 | Y | [RFC5155] |
| TLSA | 52 | Y | [RFC6698] |
Algorithms implemented
| Value | Algorithm [Mnemonic] | Zone Signing | References | Status |
|---|---|---|---|---|
| 3 | DSA | y | [RFC3755][RFC2536] | OPTIONAL |
| 5 | RSASHA1 | y | [RFC3110][RFC4034] | MANDATORY |
| 6 | DSA-NSEC3-SHA1 | y | [RFC5155] | OPTIONAL |
| 7 | RSASHA1-NSEC3-SHA1 | y | [RFC5155] | MANDATORY |
| 8 | RSASHA256 | y | [RFC5702] | - |
| 10 | RSASHA512 | y | [RFC5702] | - |
| 13 | ECDSAP256SHA256 | y | [RFC6605] | - |
| 14 | ECDSAP384SHA384 | y | [RFC6605] | - |
Supported operating systems
- MacOS X
- Linux (Debian, CentOS, Arch, ...)
- *BSD (OpenBSD, FreeBSD)
- Solaris
Functionality
- authoritative name server
- DNS UPDATE
- DNS NOTIFY
- AXFR
- IXFR
- full featured client (yadifa), which can be used to control the server
- key management, including a tool to generate dnssec keys
- multi-master support
- support for other network models
- detect and configure hyperthreading
- support for openssl 1.1.0 API
- re-signing zone file
- fully automated signing of zones and key-roll over
- TTL
- ORIGIN
- *(wildcard)
- @ (in zone file)
- RSA
- DSA
- ECDSA
Mechanisms implemented for DNSSEC
Directives and special constructs
Resource Record types
| Type | Value | Supported | References |
|---|---|---|---|
| A | 1 | Y | [RFC1035] |
| NS | 2 | Y | [RFC1035] |
| MD | 3 | Y | [RFC1035] |
| MF | 4 | Y | [RFC1035] |
| CNAME | 5 | Y | [RFC1035] |
| SOA | 6 | Y | [RFC1035] |
| MB | 7 | Y | [RFC1035] |
| MG | 8 | Y | [RFC1035] |
| MR | 9 | Y | [RFC1035] |
| WKS | 11 | Y | [RFC1035] |
| PTR | 12 | Y | [RFC1035] |
| HINFO | 13 | Y | [RFC1035] |
| MX | 15 | Y | [RFC1035] |
| TXT | 16 | Y | [RFC1035] |
| AAAA | 28 | Y | [RFC3596] |
| SRV | 33 | Y | [RFC2782] |
| NAPTR | 35 | Y | [RFC2915][RFC2168][RFC3403] |
| DS | 43 | Y | [RFC4034][RFC3658] |
| SSHFP | 44 | Y | [RFC4255] |
| RRSIG | 46 | Y | [RFC4034][RFC3755] |
| NSEC | 47 | Y | [RFC4034][RFC3755] |
| DNSKEY | 48 | Y | [RFC4034][RFC3755] |
| NSEC3 | 50 | Y | [RFC5155] |
| NSEC3PARAM | 51 | Y | [RFC5155] |
| TLSA | 52 | Y | [RFC6698] |
Algorithms implemented
| Value | Algorithm [Mnemonic] | Zone Signing | References | Status |
|---|---|---|---|---|
| 3 | DSA | y | [RFC3755][RFC2536] | OPTIONAL |
| 5 | RSASHA1 | y | [RFC3110][RFC4034] | MANDATORY |
| 6 | DSA-NSEC3-SHA1 | y | [RFC5155] | OPTIONAL |
| 7 | RSASHA1-NSEC3-SHA1 | y | [RFC5155] | MANDATORY |
| 8 | RSASHA256 | y | [RFC5702] | - |
| 10 | RSASHA512 | y | [RFC5702] | - |
| 13 | ECDSAP256SHA256 | y | [RFC6605] | - |
| 14 | ECDSAP384SHA384 | y | [RFC6605] | - |
Supported operating systems
- MacOS X
- Linux (Debian, CentOS, Arch, ...)
- *BSD (OpenBSD, FreeBSD)
- Solaris
Functionality
- authoritative name server
- DNS UPDATE
- DNS NOTIFY
- AXFR
- IXFR
- full featured client (yadifa), which can be used to control the server
- key management, including a tool to generate dnssec keys
- multi-master support
- support for other network models
- detect and configure hyperthreading
- re-signing zone file
- fully automated signing of zones and key-roll over
- TTL
- ORIGIN
- *(wildcard)
- @ (in zone file)
- RSA
- DSA
- ECDSA
Mechanisms implemented for DNSSEC
Directives and special constructs
Resource Record types
| Type | Value | Supported | References |
|---|---|---|---|
| A | 1 | Y | [RFC1035] |
| NS | 2 | Y | [RFC1035] |
| MD | 3 | Y | [RFC1035] |
| MF | 4 | Y | [RFC1035] |
| CNAME | 5 | Y | [RFC1035] |
| SOA | 6 | Y | [RFC1035] |
| MB | 7 | Y | [RFC1035] |
| MG | 8 | Y | [RFC1035] |
| MR | 9 | Y | [RFC1035] |
| WKS | 11 | Y | [RFC1035] |
| PTR | 12 | Y | [RFC1035] |
| HINFO | 13 | Y | [RFC1035] |
| MX | 15 | Y | [RFC1035] |
| TXT | 16 | Y | [RFC1035] |
| AAAA | 28 | Y | [RFC3596] |
| SRV | 33 | Y | [RFC2782] |
| NAPTR | 35 | Y | [RFC2915][RFC2168][RFC3403] |
| DS | 43 | Y | [RFC4034][RFC3658] |
| SSHFP | 44 | Y | [RFC4255] |
| RRSIG | 46 | Y | [RFC4034][RFC3755] |
| NSEC | 47 | Y | [RFC4034][RFC3755] |
| DNSKEY | 48 | Y | [RFC4034][RFC3755] |
| NSEC3 | 50 | Y | [RFC5155] |
| NSEC3PARAM | 51 | Y | [RFC5155] |
| TLSA | 52 | Y | [RFC6698] |
Algorithms implemented
| Value | Algorithm [Mnemonic] | Zone Signing | References | Status |
|---|---|---|---|---|
| 3 | DSA | y | [RFC3755][RFC2536] | OPTIONAL |
| 5 | RSASHA1 | y | [RFC3110][RFC4034] | MANDATORY |
| 6 | DSA-NSEC3-SHA1 | y | [RFC5155] | OPTIONAL |
| 7 | RSASHA1-NSEC3-SHA1 | y | [RFC5155] | MANDATORY |
| 8 | RSASHA256 | y | [RFC5702] | - |
| 10 | RSASHA512 | y | [RFC5702] | - |
| 13 | ECDSAP256SHA256 | y | [RFC6605] | - |
| 14 | ECDSAP384SHA384 | y | [RFC6605] | - |
Supported operating systems
- MacOS X
- Linux (Debian, CentOS, Arch, ...)
- *BSD (OpenBSD, FreeBSD)
- Solaris
Functionality
- authoritative name server
- DNS UPDATE
- DNS NOTIFY
- AXFR
- IXFR
- full featured client (yadifa), which can be used to control the server
- key management, including a tool to generate dnssec keys
- multi-master support
- support for other network models
- re-signing zone file
- fully automated signing of zones and key-roll over
- TTL
- ORIGIN
- *(wildcard)
- @ (in zone file)
- RSA
- DSA
- ECDSA
Mechanisms implemented for DNSSEC
Directives and special constructs
Resource Record types
| Type | Value | Supported | References |
|---|---|---|---|
| A | 1 | Y | [RFC1035] |
| NS | 2 | Y | [RFC1035] |
| MD | 3 | Y | [RFC1035] |
| MF | 4 | Y | [RFC1035] |
| CNAME | 5 | Y | [RFC1035] |
| SOA | 6 | Y | [RFC1035] |
| MB | 7 | Y | [RFC1035] |
| MG | 8 | Y | [RFC1035] |
| MR | 9 | Y | [RFC1035] |
| WKS | 11 | Y | [RFC1035] |
| PTR | 12 | Y | [RFC1035] |
| HINFO | 13 | Y | [RFC1035] |
| MX | 15 | Y | [RFC1035] |
| TXT | 16 | Y | [RFC1035] |
| AAAA | 28 | Y | [RFC3596] |
| SRV | 33 | Y | [RFC2782] |
| NAPTR | 35 | Y | [RFC2915][RFC2168][RFC3403] |
| DS | 43 | Y | [RFC4034][RFC3658] |
| SSHFP | 44 | Y | [RFC4255] |
| RRSIG | 46 | Y | [RFC4034][RFC3755] |
| NSEC | 47 | Y | [RFC4034][RFC3755] |
| DNSKEY | 48 | Y | [RFC4034][RFC3755] |
| NSEC3 | 50 | Y | [RFC5155] |
| NSEC3PARAM | 51 | Y | [RFC5155] |
| TLSA | 52 | Y | [RFC6698] |
Algorithms implemented
| Value | Algorithm [Mnemonic] | Zone Signing | References | Status |
|---|---|---|---|---|
| 3 | DSA | y | [RFC3755][RFC2536] | OPTIONAL |
| 5 | RSASHA1 | y | [RFC3110][RFC4034] | MANDATORY |
| 6 | DSA-NSEC3-SHA1 | y | [RFC5155] | OPTIONAL |
| 7 | RSASHA1-NSEC3-SHA1 | y | [RFC5155] | MANDATORY |
| 8 | RSASHA256 | y | [RFC5702] | - |
| 10 | RSASHA512 | y | [RFC5702] | - |
| 13 | ECDSAP256SHA256 | y | [RFC6605] | - |
| 14 | ECDSAP384SHA384 | y | [RFC6605] | - |
Supported operating systems
- MacOS X
- Linux (Ubuntu, CentOS, ...)
- *BSD (OpenBSD, FreeBSD)
- Solaris
Functionality
- authoritative name server
- DNS UPDATE
- DNS NOTIFY
- AXFR
- IXFR
- full featured client (yadifa), which can be used to control the server
Mechanisms implemented for DNSSEC
- re-signing zone file
Directives and special constructs
- TTL
- ORIGIN
- *(wildcard)
- @ (in zone file)
Resource Record types
| Type | Value | Supported | References |
|---|---|---|---|
| A | 1 | Y | [RFC1035] |
| NS | 2 | Y | [RFC1035] |
| MD | 3 | Y | [RFC1035] |
| MF | 4 | Y | [RFC1035] |
| CNAME | 5 | Y | [RFC1035] |
| SOA | 6 | Y | [RFC1035] |
| MB | 7 | Y | [RFC1035] |
| MG | 8 | Y | [RFC1035] |
| MR | 9 | Y | [RFC1035] |
| WKS | 11 | Y | [RFC1035] |
| PTR | 12 | Y | [RFC1035] |
| HINFO | 13 | Y | [RFC1035] |
| MX | 15 | Y | [RFC1035] |
| TXT | 16 | Y | [RFC1035] |
| AAAA | 28 | Y | [RFC3596] |
| SRV | 33 | Y | [RFC2782] |
| NAPTR | 35 | Y | [RFC2915][RFC2168][RFC3403] |
| DS | 43 | Y | [RFC4034][RFC3658] |
| SSHFP | 44 | Y | [RFC4255] |
| RRSIG | 46 | Y | [RFC4034][RFC3755] |
| NSEC | 47 | Y | [RFC4034][RFC3755] |
| DNSKEY | 48 | Y | [RFC4034][RFC3755] |
| NSEC3 | 50 | Y | [RFC5155] |
| NSEC3PARAM | 51 | Y | [RFC5155] |
| TLSA | 52 | Y | [RFC6698] |
Algorithms implemented
- RSA
- DSA
| Value | Algorithm [Mnemonic] | Zone Signing | References | Status |
|---|---|---|---|---|
| 3 | DSA | y | [RFC3755][RFC2536] | OPTIONAL |
| 5 | RSASHA1 | y | [RFC3110][RFC4034] | MANDATORY |
| 6 | DSA-NSEC3-SHA1 | y | [RFC5155] | OPTIONAL |
| 7 | RSASHA1-NSEC3-SHA1 | y | [RFC5155] | MANDATORY |
| 8 | RSASHA256 | y | [RFC5702] | - |
| 10 | RSASHA512 | y | [RFC5702] | - |
Supported operating systems
- MacOS X
- Linux (Ubuntu, CentOS, ...)
- FreeBSD
Functionality
- authoritative name server
- DNS UPDATE
- DNS NOTIFY
- AXFR
- IXFR
- full featured client (yadifa), which can be used to control the server
Mechanisms implemented for DNSSEC
- re-signing zone file
Directives and special constructs
- TTL
- ORIGIN
- *(wildcard)
- @ (in zone file)
Resource Record types
| Type | Value | Supported | References |
|---|---|---|---|
| A | 1 | Y | [RFC1035] |
| NS | 2 | Y | [RFC1035] |
| MD | 3 | Y | [RFC1035] |
| MF | 4 | Y | [RFC1035] |
| CNAME | 5 | Y | [RFC1035] |
| SOA | 6 | Y | [RFC1035] |
| MB | 7 | Y | [RFC1035] |
| MG | 8 | Y | [RFC1035] |
| MR | 9 | Y | [RFC1035] |
| WKS | 11 | Y | [RFC1035] |
| PTR | 12 | Y | [RFC1035] |
| HINFO | 13 | Y | [RFC1035] |
| MX | 15 | Y | [RFC1035] |
| TXT | 16 | Y | [RFC1035] |
| AAAA | 28 | Y | [RFC3596] |
| SRV | 33 | Y | [RFC2782] |
| NAPTR | 35 | Y | [RFC2915][RFC2168][RFC3403] |
| DS | 43 | Y | [RFC4034][RFC3658] |
| SSHFP | 44 | Y | [RFC4255] |
| RRSIG | 46 | Y | [RFC4034][RFC3755] |
| NSEC | 47 | Y | [RFC4034][RFC3755] |
| DNSKEY | 48 | Y | [RFC4034][RFC3755] |
| NSEC3 | 50 | Y | [RFC5155] |
| NSEC3PARAM | 51 | Y | [RFC5155] |
| TLSA | 52 | Y | [RFC6698] |
Algorithms implemented
- RSA
- DSA
| Value | Algorithm [Mnemonic] | Zone Signing | References | Status |
|---|---|---|---|---|
| 3 | DSA | y | [RFC3755][RFC2536] | OPTIONAL |
| 5 | RSASHA1 | y | [RFC3110][RFC4034] | MANDATORY |
| 6 | DSA-NSEC3-SHA1 | y | [RFC5155] | OPTIONAL |
| 7 | RSASHA1-NSEC3-SHA1 | y | [RFC5155] | MANDATORY |
| 8 | RSASHA256 | y | [RFC5702] | - |
| 10 | RSASHA512 | y | [RFC5702] | - |
Extra
- more generic parser
- internal rearrangements
- preparation for new functionality (dynamic provisioning, ...)
Supported operating systems
- MacOS X
- Linux (Ubuntu, CentOS, ...)
- FreeBSD
Functionality
- authoritative name server
- DNS UPDATE
- DNS NOTIFY
- AXFR
- IXFR
Mechanisms implemented for DNSSEC
- re-signing zone file
Directives and special constructs
- TTL
- ORIGIN
- *(wildcard)
Resource Record types
| Type | Value | Supported | References |
|---|---|---|---|
| A | 1 | Y | [RFC1035] |
| NS | 2 | Y | [RFC1035] |
| MD | 3 | Y | [RFC1035] |
| MF | 4 | Y | [RFC1035] |
| CNAME | 5 | Y | [RFC1035] |
| SOA | 6 | Y | [RFC1035] |
| MB | 7 | Y | [RFC1035] |
| MG | 8 | Y | [RFC1035] |
| MR | 9 | Y | [RFC1035] |
| WKS | 11 | Y | [RFC1035] |
| PTR | 12 | Y | [RFC1035] |
| HINFO | 13 | Y | [RFC1035] |
| MX | 15 | Y | [RFC1035] |
| TXT | 16 | Y | [RFC1035] |
| AAAA | 28 | Y | [RFC3596] |
| SRV | 33 | Y | [RFC2782] |
| NAPTR | 35 | Y | [RFC2915][RFC2168][RFC3403] |
| DS | 43 | Y | [RFC4034][RFC3658] |
| SSHFP | 44 | Y | [RFC4255] |
| RRSIG | 46 | Y | [RFC4034][RFC3755] |
| NSEC | 47 | Y | [RFC4034][RFC3755] |
| DNSKEY | 48 | Y | [RFC4034][RFC3755] |
| NSEC3 | 50 | Y | [RFC5155] |
| NSEC3PARAM | 51 | Y | [RFC5155] |
Algorithms implemented
- RSA
| Value | Algorithm [Mnemonic] | Zone Signing | References | Status |
|---|---|---|---|---|
| 5 | RSASHA1 | y | [RFC3110][RFC4034] | MANDATORY |
| 7 | RSASHA1-NSEC3-SHA1 | y | [RFC5155] | MANDATORY |