dnssec signing tools

charles groups at obsd.us
Sat Mar 20 23:20:50 UTC 2010


Kevin Oberman wrote, On 03/20/2010 05:48 PM:
>> Date: Sat, 20 Mar 2010 16:28:59 -0500
>> From: groups <groups at obsd.us>
>> Sender: bind-users-bounces+oberman=es.net at lists.isc.org
>>
>> I should have been more specific.. What dnssec tools do the folks at ISC
>> recommend.. I am scheduled for a 5 day class in Arlington, VA in May 2010
>>
>> Thx
>> Charles
>>> Greetings list..
>>> I have recently assumed responsibility and did a
>>> complete rebuild of a Master DNS server running 9.6.1.P3. (will 
>>> upgrade to 9.6.2 when SRPM is available)
>>> OS: CentOS 5.4
>>>
>>> New to DNS administration but not new to Linux / UNIX..
>>>
>>> I am looking at dnssec-tools for signing my 2 zones.
>>> Am curious if anyone on the list has used / is using
>>> this tool..
> 
> Signing is probably best handled by BIND 9.7 (DNSSEC for Humans). It
> handles re-signing and keyrolls in a manner that looks fairly
> manageable. (I'm not using BIND for signing, so this is based on the
> documentation.)
> 
> For testing and management, I use dig, part of the BIND distribution,
> drill from nllabs.nl, a source of lots of fine DNS related stuff, and
> http://dnscheck.se. The latter is a test suite that includes tests of
> DNSSEC. You can install the tests on a local system or run them on the
> web site.
> 
> I also urge you to get a copy of NIST SP800-81r1, an excellent overview
> and how-to on DNS security that goes well beyond DNSSEC. It is at:
> http://csrc.nist.gov/publications/drafts/800-81-rev1/nist_draft_sp800-81r1-round2.pdf.
> It is still in draft, but is close to being finalized.

Kevin..

Thx for all the info..
Especially thx for the links..

Charles


