Cascade

A friendly DNSSEC signing solution written in Rust, a programming language designed for performance and memory safety.

Cascade has the following design goals:

Flexibility

Run Cascade the way that you want: from a package or a Docker image, on-premise or in the cloud, with keys on disk or an HSM of your choice.

Sensible defaults

Get started easily with default settings based on industry best practices.

Controllability

Cascade gives you tight control over the DNSSEC signing process and offers validation hooks at each stage of the process.

Observability

With Cascade you cut out the guesswork. You will know what the pipeline is doing and why, and what you can expect to happen next.

Open-source with professional support services

NLnet Labs offers professional support and consultancy services with a service-level agreement. Cascade is liberally licensed under the BSD 3-Clause license.

We would love for you to get to know Cascade.

Tip

Cascade is currently in its first alpha version, with documented Known Limitations. Our goal is to gather operator feedback. Don’t be shy and reach out. In particular:

• If these documentation pages don’t answer your question, tell us what we missed.

• Performance and memory usage are expected to improve but if you think it won’t meet your needs tell us about your use case.

• Not all intended functionality has been implemented at this point. If a feature that you need is missing please let us know.

• We are actively working to shape the user experience to operator needs. We have a lot more ideas for improvement and we’d love to hear yours too.

• Do tell us about your positive experiences. Use social media (#cascade) or create an issue. We particularly appreciate hearing O/S, HSM and size/number of zones you worked with.

If GitHub isn’t your thing you can also contact us by email.