Automic VaultAutomic Vault

brew

Install jdnssec-tools with Homebrew

Java command-line tools for DNSSEC. Version 0.20.1 via Homebrew; verified 2026-06-22.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install jdnssec-tools

local Homebrew formula metadata

overview

Package summary

Java command-line tools for DNSSEC

Commands and aliases

  • jdnssec-dstool
  • jdnssec-keygen
  • jdnssec-keyinfo
  • jdnssec-signkeyset
  • jdnssec-signrrset
  • jdnssec-signzone
  • jdnssec-tools
  • jdnssec-verifyzone
  • jdnssec-zoneformat

history

Project history and usage

jdnssec-tools is a small Java command-line toolkit for DNSSEC operations. Its README describes it as a collection of DNSSEC tools intended as an addition or replacement for the DNSSEC tools shipped with BIND 9.

Project history

David Blacka authored the project and hosted its source on GitHub. The README ties the toolkit to dnsjava, Jakarta Commons CLI, slf4j, and Java cryptography support, which explains its role as a portable Java DNSSEC utility set rather than a daemon-centered DNS package.

The ChangeLog shows a long-maintained niche tool: release 0.10 appeared in 2011, release 0.12 in 2012, elliptic-curve DNSSEC algorithm support arrived in the 2016-2017 period, and later releases updated dnsjava, logging, DS algorithm handling, and distribution formats.

Adoption history

Adoption appears package-oriented and specialist: Homebrew packages it as jdnssec-tools, while the upstream project distributes source, binary tarballs, and an executable jar through GitHub releases. Its audience is DNSSEC operators and testers who want Java-based zone signing, key generation, and verification tools.

How it is used

The package exposes commands such as jdnssec-keygen, jdnssec-signzone, jdnssec-verifyzone, jdnssec-signrrset, and jdnssec-zoneformat. The README demonstrates unpacking a release and running tools from the bin directory, with a later one-jar invocation path using java -jar.

Why package nerds care

For package nerds, jdnssec-tools is interesting because it packages DNSSEC maintenance primitives outside the usual BIND toolchain and keeps them tied to the Java DNS ecosystem. It is obscure, but it covers a real operational corner: reproducible command-line DNSSEC work in environments where Java is already the portable runtime.

Timeline

  • 2011: ChangeLog records release 0.10 and refactoring of the command-line classes.
  • 2012: Release 0.12 updated dnsjava integration and verification behavior.
  • 2016: ECDSA P-256 and P-384 support was added for key generation, signing, and verification.
  • 2022: Release 0.17 updated dnsjava, switched from log4j to slf4j, and added CDS record generation.
  • 2024: Release 0.20 introduced Java 15 requirements for EdDSA support and a one-jar distribution.
  • 2026: The ChangeLog records a dnsjava 3.6.4 update adding DNS RR type coverage such as SVCB, HTTPS, and ZONEMD.

Related projects

  • Related projects include BIND 9, whose DNSSEC utilities are the comparison point in the README, and dnsjava, the Java DNS library on which jdnssec-tools depends.

security posture

Risk level: green

narrow executable package without higher-risk signals.

Risk classifier

green risk · low confidence · appliance

Why

  • narrow executable package without higher-risk signals

Signals

  • metadata:no-higher-risk-signals

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 1 platform targets.
  • Installs with 1 runtime dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
jdnssec-dstoolcliglobal executable
jdnssec-keygencliglobal executable
jdnssec-keyinfocliglobal executable
jdnssec-signkeysetcliglobal executable
jdnssec-signrrsetcliglobal executable
jdnssec-signzonecliglobal executable
jdnssec-toolscliglobal executable
jdnssec-verifyzonecliglobal executable
jdnssec-zoneformatcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version0.20.1
manager updated2026-06-22
local dataok
upstreamnot checked
latest detectednot detected

https://github.com/dblacka/jdnssec-tools

install metadata

Package metadata

Package keybrew:jdnssec-tools
Version0.20.1
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/jdnssec-tools
Homepagehttps://github.com/dblacka/jdnssec-tools
Repositoryhttps://github.com/dblacka/jdnssec-tools
Upstream docshttps://github.com/dblacka/jdnssec-tools/blob/master/README.md
LicenseLGPL-2.1-or-later
Source archivehttps://github.com/dblacka/jdnssec-tools/releases/download/v0.20.1/jdnssec-tools-0.20.1.tar.gz
Last updated2026-06-22T14:03:48-07:00
Pulseupdated
Dependenciesopenjdk
Bottleavailable (on all)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namejdnssec-tools
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • package relationship graph
  • package version freshness
  • package-page enrichment