Projects / DNSSEC Walker


DNSSEC Walker is a tool to recover DNS zonefiles using the DNS protocol. The server does not have to support zonetransfer, but the zone must contain DNSSEC "NXT" or "NSEC" records. Optionally, it can also verify DNSSEC signatures on the RRsets within the zone.

Operating Systems

Recent releases

  •  20 Sep 2005 18:08

    Release Notes: Able to verify more then one signature per owner name, and also print which key tag was used for verification. The parameter -x has been added to enable EDNS.0 DNSSEC when retrieving SIG/RRSIG types, because some servers don't return those records otherwise.

    •  19 Sep 2005 17:04

      Release Notes: Support for an optional "startname" parameter was added; it is used to specify which owner name to start walking on, which is useful when interrupted half way through a big zone.

      •  14 Sep 2005 11:28

        Release Notes: Verifying signatures (the -y parameter) in zones that have multiple online keys now works. This make it possible to verify signatures in ".se", the world's first ccTLD that uses DNSSEC in the real zone.

        •  04 Jun 2004 12:51

          Release Notes: This release adds bugfixes and improved output.

          •  02 Jun 2004 15:02

            Release Notes: Support was added for RRSIG/DNSKEY (as well as old-style SIG/KEY). The -n parameter now enables non-recursiveness for everything. Output was improved.


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.