PQC-enabled Bind9 using Open Quantum Safe's oqs-provider.

desec-io/OQS-bind

This branch is 46 commits ahead of Martyrshot/OQS-bind:main.

Latest commit

da2338f · Jun 26, 2024
OQS-Bind

OQS-Bind is a fork of ISC's Bind9 DNS software that enables PQC DNS. The original Bind9 README can be found here. This fork takes advantage of Open Quantum Safe's liboqs and oqs-provider. NOTE: OpenSSL 3.2 is REQUIRED to build and use OQS-Bind.

This project is not officially affiliated with Open Quantum Safe.

Algorithms

Currently only DNSSEC is supported and tested with a small number of algorithms, but DoT and DoH should work in principle. I plan on eventually enabling more quantum-resistant DNSSEC algorithms and automating enabling and disabling them, but for now this must be done by hand. The algorithms we support in DNSSEC are as follows:

DNSSEC Algorithms

Algorithm                       DNSSEC Algorithm ID
Falcon-512                      17
Dilithium2                      18
SPHINCS+-SHA-256-128s Simple    19
XMSS                            20
XMSSMT                          21

We opted to start the algorithm IDs at 17 because of the discussion seen here.

DoT/DoH Algorithms

These have not been tested, but in principle all algorithms supported by oqs-provider should work.

Building

In order to build OQS-Bind, some version of OpenSSL 3.2 must be installed. At the time of writing, Beta1 was just released, so it is recommended not to use OpenSSL 3.2 as your primary system-wide installation of OpenSSL. Instead, install OpenSSL 3.2 in a special location. You can then specify the location of OpenSSL 3.2 using the --with-openssl=<OPENSSL3.2DIR> option. Then simply follow the regular Bind9 build instructions found here.
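
A pre-flight check for the directory you intend to pass to --with-openssl, added here as an example (it is not part of the OQS-Bind repository). The function names and the /opt/openssl-3.2 path are hypothetical, and accepting any 3.x release with a minor version of 2 or later is an assumption; the README only names 3.2.

```sh
#!/bin/sh
# Added example: verify the tree given to --with-openssl before configuring.
# Function names and /opt/openssl-3.2 are hypothetical, not from OQS-Bind.

# Print the numeric value of OPENSSL_VERSION_<$2> from header $1 (empty if absent).
ossl_macro() {
    sed -n "s/^#[[:space:]]*define[[:space:]][[:space:]]*OPENSSL_VERSION_$2[[:space:]][[:space:]]*\([0-9][0-9]*\).*/\1/p" "$1" | head -n 1
}

# Print "major.minor" and return 0 if prefix $1 holds OpenSSL 3.x with x >= 2
# (assumption: later 3.x releases are acceptable); otherwise explain on stderr.
check_openssl_prefix() {
    prefix=$1
    hdr="$prefix/include/openssl/opensslv.h"
    if [ ! -f "$hdr" ]; then
        echo "no OpenSSL headers under $prefix" >&2
        return 2
    fi
    major=$(ossl_macro "$hdr" MAJOR)
    minor=$(ossl_macro "$hdr" MINOR)
    # OpenSSL 1.x headers define no OPENSSL_VERSION_MAJOR/MINOR macros.
    if [ -z "$major" ] || [ -z "$minor" ]; then
        echo "$hdr: pre-3.0 headers" >&2
        return 3
    fi
    if [ "$major" -ne 3 ] || [ "$minor" -lt 2 ]; then
        echo "$prefix holds OpenSSL $major.$minor, OQS-Bind needs 3.2" >&2
        return 4
    fi
    # Headers alone are not enough: require libcrypto in the same prefix so
    # that headers and library come from the same install.
    for libdir in "$prefix/lib64" "$prefix/lib"; do
        for f in "$libdir"/libcrypto.*; do
            if [ -e "$f" ]; then
                echo "$major.$minor"
                return 0
            fi
        done
    done
    echo "no libcrypto under $prefix/lib64 or $prefix/lib" >&2
    return 5
}

# Usage: sh check-openssl.sh /opt/openssl-3.2
if [ "$#" -ge 1 ]; then
    check_openssl_prefix "$1" >/dev/null && echo "./configure --with-openssl=$1"
fi
```

When the check passes, the script prints the configure line to run from the OQS-Bind source tree; a non-zero exit status identifies which condition failed.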
