DNSSEC basic information

Jukka Pakkanen jukka.pakkanen at qnet.fi
Mon Sep 23 20:16:43 UTC 2019


I am finally digging into DNSSEC, updating our BIND 9.14.5 servers to support it, both resolving & signing, secure zone transfers etc.

I have just read DNSSEC Mastery by Michael W. Lucas from the year 2013, and my question basically is: is this information from 6 years back still valid, or hopelessly outdated? I do suppose in six years things have already changed a lot. And when I started testing some things, I noticed they are not working as expected, as presented in the book. Like when we upgraded our servers to DNSSEC resolving, the only zone where I can find the ad flag set is paypal.com; for example, isc.org does not show it.

Also, with the current status of DNSSEC, is it still recommended/required to have separate authoritative & recursive servers, DNSSEC-wise?

DLV functionality seems to be dropped from the current BIND too?

And so on... I would like to know how outdated this book is, what has changed since 2013, and also, any hints for good DNSSEC tutorials with today's BIND versions.

Jukka
