DNSSEC Walker is a tool to recover DNS zonefiles using the DNS protocol. The server does not have to support zonetransfer, but the zone must contain DNSSEC "NXT" or "NSEC" records. Optionally, it can also verify DNSSEC signatures on the RRsets within the zone.
|Tags||Internet DNS Security Utilities Systems Administration|
Release Notes: Able to verify more then one signature per owner name, and also print which key tag was used for verification. The parameter -x has been added to enable EDNS.0 DNSSEC when retrieving SIG/RRSIG types, because some servers don't return those records otherwise.
Release Notes: Support for an optional "startname" parameter was added; it is used to specify which owner name to start walking on, which is useful when interrupted half way through a big zone.
Release Notes: Verifying signatures (the -y parameter) in zones that have multiple online keys now works. This make it possible to verify signatures in ".se", the world's first ccTLD that uses DNSSEC in the real zone.
Release Notes: This release adds bugfixes and improved output.
Release Notes: Support was added for RRSIG/DNSKEY (as well as old-style SIG/KEY). The -n parameter now enables non-recursiveness for everything. Output was improved.