README for the NSECepsilon proof of concept library.  -*-text-*-

The NSECepsilon "proof of concept" distribution consists of the perl
library, a nameserver and some parsing scripts in the Server-Setup
directory.


INSTALLATION

To be able to work with this library you will need a patched version
of Net::DNS 0.48. This version is labeled Net::DNS 0.48_1 (note that
although this patch has been submitted to the maintainer of Net::DNS,
it may not end up in the "official" Net::DNS v0.48_1).

The patched version is available from
http://www.kolkman.org/NSECepsilon/

You will also need Net::DNS::SEC and Net::DNS::Zone::Parser, both
available from CPAN.

Install perl distributions by untarring them, running
'perl Makefile.PL' or 'perl Makefile.PL PREFIX=/alternative/path'.
Then run 'make', 'make test' and 'make install'.

To install from CPAN use 'perl -MCPAN -e install Package::Name'

Install Net::DNS first. Both Net::DNS::SEC and Net::DNS::Zone::Parser
depend on it.


DEMONSTRATION

A demonstration server lives in "Server-Setup".

The overall event chain is:

A preparation phase (taken care of by the Makefile):

 - start with an unsigned zone,
 - preprocess it with the preparer.pl script; this script inserts TXT
   records with owner name "dname+epsilon" for each dname in the zone,
 - add the zone's keyset (possibly with signatures),
 - sign with dnssec-signzone,
 - strip the "dname+epsilon" records using stripper.pl,
 - load that zone into a bind nameserver configured to run on a
   private address.

Note that the preparation tools do not deal well with glue records.

Serving:

 - start the ns.pl proxy server; that server will, based on the
   original query and the answer from the bind server, mangle and
   forward the answer.

Read ns.pl for the details, I hope it is clear enough.


$Id: README,v 1.2 2004/11/29 18:24:12 olaf Exp $