securing bind in todays hostile environment

Grant Taylor gtaylor at
Sun Jan 19 17:31:14 UTC 2020

On 1/19/20 4:01 AM, N. Max Pierson wrote:
> I honestly couldn’t tell you either way as I have not even begun 
> to start to dive into DNSSEC.

I can recommend the following book from Michael W. Lucas / @mwlauthor 
and say that it provides a good, actionable, introduction to DNSSEC.

Link - DNSSEC Mastery: Securing the Domain Name Service with BIND (ebook)

Disclaimer:  I'm not associated with Michael.  We do pester each other 
on Twitter.  I have tech reviewed some of his other book.

I've found all of his Mastery books to be packed with actionable 
information and well worth the price (< $20).

I prefer to buy the books directly from Michael's site, Tilted Windmill 
Press, to avoid the overhead & fees with thee other typical outlets.

Word to the wise:  Be mindful of the recent SHA1 chosen prefix attacks 
when starting with DNSSEC.  This mostly means that you just choose 
other, newer, algorithms to use when deploying DNSSEC.

Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4013 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the bind-users mailing list