Sophie

Sophie

distrib > Mandriva > 2010.0 > i586 > media > contrib-release > by-pkgid > ccd6d20295ff28f0d90115b0394355f1 > files > 200

libdnssec-tools-devel-1.5-2mdv2010.0.i586.rpm

			  wget DNSSEC HOWTO
			=====================
			    (Version 0.1)

Introduction
============

This HOWTO describes the installation, configuration and execution
steps for adding DNSSEC validation to the wget application.  The
patch in this directory has been tested on the wget-1.10.2 source.
It may also work on similar versions of wget.

Note: Currently, This patch only works on systems that support IPv6.
The local machine does not need to actually use IPv6, but the
system's TCP/IP stack does need to support it for this patch to
function properly.


Installation ============

Download wget-1.10.2.tar.gz from
http://ftp.gnu.org/pub/gnu/wget/

Unzip and untar it by:

   tar -xvzf wget-1.10.2.tar.gz

Go to the wget-1.10.2 directory:

   cd wget-1.10.2/

Apply the wget-1.10.2_dnssec_patch.txt in this directory by:

   patch -p 1 -b -z .orig </path/to/patch/wget-1.10.2_dnssec_patch.txt

This will apply the patch and store the original files with a .orig
suffix.

This patch requires the 'libval' library for DNSSEC validation.
This library can be found at http://dnssec-tools.sourceforge.net/.
You must install this library before compiling the patched wget
source.

Build and install wget as per the instructions given in the INSTALL
files within the wget source code.  On most systems this should just
require the following commands:

./configure
./make
./make install


Configuration
=============

All DNS queries are now checked using the dnssec-tools libval
libraries.  Attempts to send mail to untrusted sites will fail and
bounce with an applicable message.  Configuration of site trust is
done by editing the dnssec-tools' dnsval.conf file.  The default
location of this file is /usr/local/etc/dnssec-tools/dnsval.conf on
linux distributions, but this path is dependent on how dnssec-tools
was built.


Execution
=========

Start and run wget as normal.


To Test
=======

(I) Basic Scenarios: DNSSEC validation of wget
    ----------------------------------------------------

1. Create a patched wget.

2. Try to pull a file from a host domain whose records can be DNSSEC
   validated and where validation is required.  Verify that the file
   was copied to the local machine properly.

3. Try to pull a file from a host domain whose records cannot be DNSSEC
   validated and where validation is required.  Verify that the wget
   command failed with a DNSEC error.

-----------------------------------------------------------------------

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional