This repository contains the scripts to build PowerDNS authoritative DNS server with support for quantum-safe algorithms. More information can be found in our blog post.
Currently, we support Falcon512, SQIsign1 and Mayo2.
Caution
This software is experimental and not meant to be used in production. Use this software at your own risk.
To build the image, run this (simplified) command:
podman build -f Dockerfile --tag=auth-powerdns:latest
The tag is an example, just make sure you can find the image again for running the image as container.
A minimal working example of running the image is included in the directory example. It should how to build a container running example.nl, signed with SQIsign. You can build it as follows:
podman build -f example/Dockerfile --tag=patad-test-example.nl
podman run --rm -d -p 5300:53/udp -p 5300:53/tcp patad-test-example.nl
And you can confirm it works:
dig example.nl ns -p 5300 @localhost
Note that PowerDNS signs on-the-fly, so the first query may take a while, since SQIsign is relatively slow in signing time.
For further examples, please refer to our testbed repository for an example.
Browse to SIDN Labs PowerDNS repository. Then, for example:
git checkout falcon-sqisign-20240315
git diff auth-4.8.3 > /tmp/patch-4.8.3.diff
Then, move the patch file to the correct directory.