
PURPOSE:

  This is a simple test setup for DNSSEC demos and tests.


DISTRIBUTION:

 It is not intended for wide distribution and should never be
 configured on a machine with a connection to the public
 internet. Please do also not further distribute this setup, it
 contains a root hints file that may mistakenly be used by people that
 do not fully understand it's use.


USAGE: 

 This demo assumes that the following addresses are configured:

 10.0.53.200, 10.0.53.201, 10.0.53.202, 10.0.53.203, 10.0.53.204 and 
 10.0.53.205. A nameserver will be bound to these addresses.

 The verifying forwarder (verifier) will run on 10.0.53.204 it dnssec
 log files live in verifier/log/dnssec this file contains the useful
 information.  A non verifying forwarder will run on 10.0.53.205

 After you unpacked the tar ball you have to edit the file
 directory.conf so that it reflects the path to de directory in which
 you find the main Makefile (and this README file). You will also have
 to set the path of NAMED and NAMED2 in the Makefile.


 The whole package is intended for demo purposes only and does not have
 a full documentation (yet). Look at the Makefiles to get an idea of what
 is happening in detail. A rough outline:

  - sub.tld gets signed, the keyset-sub.tld. file created during the
    dnssec-signzone is copied to the tld directory (keyexchange). This
    is actually done by the make process in the TLD directory. This is
    not a good analogy to the real world where a parent would not see
    if it's child rolled over.

NOTES:

 - You will have to run bind-9.3.0s20021217 or later.


 - We assume bind to be installed with prefix=/usr/local. Modify the
   paths in the makefiles if your setup is different.


AUTHOR:

Please send comments and suggestions to: Olaf Kolkman (olaf@ripe.net)


THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE,
INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS; IN NO
EVENT SHALL AUTHOR BE LIABLE FOR ANY SPECIAL, INDIRECT OR
CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.


$Id$