Download Early Prototype "Integrated DNSSEC" (including RSAREF)

You can download the exact software that the Government gave export permission for, from this web site.

This is a version of BIND that was modified by Trusted Information Systems to add DNS Security features. It was then integrated by Hugh Daniel and John Gilmore with the RSAREF software from RSA Data Security. THIS VERSION OF THE SOFTWARE IS NOT SUITABLE FOR PRODUCTION USE. It is based on an early prototype release by Trusted Information Systems, and is incomplete and buggy in many ways. It is more than a year old. It is not even based on the latest prototype release from TIS, or on BIND-8, the current major version of BIND. It implements an early form of the KEY resource record. Because it uses RSAREF, the license restrictions on RSAREF mean that this software can not be used commercially. For example, ISPs may not use it, since they charge their customers for domain services. All newer releases will include RSA's DNSsafe software, which permits full commercial and non-commercial use.

However, this version may help advanced or experimental sites to generate keys, to experiment with signing their zones, and to validate the signatures on their zones.

We are only releasing this PARTICULAR version because it is the exact version that we processed through the export control bureacracy. Now that we have verified the principle that authentication applications are not export-controlled, future releases will not need the lengthy delays imposed by this bureacracy. We just want to be extra-safe for this very first release.

WE DO NOT UNDER ANY CIRCUMSTANCES RECOMMEND RUNNING THIS SOFTWARE IN PRODUCTION USE, OR INCORPORATING IT INTO OTHER SOFTWARE. Before downloading this software, look at the BIND release directory at the "latest kit for semipublic testing", to see if a version with DNSSEC features has been released. In a small number of weeks, the first such release will occur.


It doesn't require any special government permission for anyone, worldwide, to download Integrated DNSSEC. But due to the non-commercial nature of the RSAREF software, which is part of this early version of Integrated DNSSEC, we are required to ask you for a few promises before you can download it.

  1. I acknowledge that I have read the RSAREF Program License Agreement and understand and agree to be bound by its terms and conditions.
  2. I acknowledge that I will not use Integrated DNSSEC in connection with any revenue-generating activity.

Up: Domain Name System Security home page