 |
|
|
|
|
|
 |
|
||||
 |
 |
 |
|
||
 |
|
||||
|
|
|
|
|
|
|
|
||||
|
|
|
|
||
|
|
||||
DNSSEC - Drill Extension for Mozilla FirefoxThe drill extension performs DNSSEC lookups for the main hostname of the current page in firefox. It uses Drill to chase the signatures up to a trusted key. The user can specify trusted keys by putting them in a directory of his choice (see usage). DownloadThe current release is 0.6, get it here: drill-0.6.xpi. Don't forget to install drill. It needs that to do the actual verification. UsageAfter installing the extension, the statusbar shows a new icon: normally, for unverified pages, the icon will be: 
If the hostname record in the DNS is signed and can be traced up to a trusted key, the icon will look like this: 
By clicking on preferences in the extension menu, or just clicking on the icon, you will get to the preferences dialog: 
The first entry is the location of the drill executable (full path). The second entry is the address or hostname of a DNSSEC enable caching forwarder. For instance BIND 9 with the dnssec-enable option set to yes. The last entry is a directory on your filesystem that contains public key files. The name of these files must end with ".key" and they must be of the following form: pr. IN DNSKEY 256 3 5 BQEAAAABvS8Q64q8v62DW3y4Et UmsHr0dpU9Mizo63NXFMlEA4UaO88s B5il79MbJ0dz mRZ7M+j/E5pVSTTazJsK6LMnncBF3bwMWo4/nVVB0d9 E 6CsClsJFU+A0a8kWIZ+aXuqUHO7QZ88qG7cwLbTNw Heo1X+ArvXgXmU6 OaemL3v5+eU= You can put any number of keys in this directory. You can try and visit http://www.nic.pr. If all is well, the icon should switch to 'verified' after the page has been loaded. As below:  |
Gauss Research Laboratory, Inc.
© All Rights Reserved 1986 - 2007