Protecting bind from DNS cache poisoning!!!
Tony Finch
dot at dotat.at
Mon Aug 9 13:15:52 UTC 2010
On Mon, 9 Aug 2010, Shiva Raman wrote:
>
> I tried implementing dnssec using the following document
> http://blog.dustintrammell.com/2008/08/01/configuring-dnssec-in-bind/
That is rather out of date: it does not cover some important BIND-9.7
DNSSEC validation features, specifically RFC 5011 automatic trust anchor
rollover, and it does not explain how to install the root trust anchor.
Also you do not need to explicitly turn on DNSSEC validation: it is on by
default but only works if you have configured one or more trust anchors.
Here is my recent how-to: http://fanf.livejournal.com/107310.html
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
NORTH FITZROY SOLE: WEST OR SOUTHWEST, BECOMING CYCLONIC IN SOLE, 4 OR 5,
INCREASING 5 TO 7. MODERATE OR ROUGH. RAIN. MODERATE OR GOOD, OCCASIONALLY
POOR.
More information about the bind-users
mailing list