Kevin Oberman wrote, On 03/20/2010 05:48 PM:
Date: Sat, 20 Mar 2010 16:28:59 -0500
From: groups <[email protected]>
Sender: [email protected]
I should have been more specific.. What dnssec tools do the folks at ISC
recommend.. I am scheduled for a 5 day class in Arlington, VA in May 2010
Thx
Charles
Greetings list..
I have recently assumed responsibility and did a
complete rebuild of a Master DNS server running 9.6.1.P3. (will
upgrade to 9.6.2 when SRPM is available)
OS: CentOS 5.4
New to DNS administration but not new to Linux / UNIX..
I am looking at dnssec-tools for signing my 2 zones.
Am curious if anyone on the list has used / is using
this tool..
Signing is probably best handled by BIND 9.7 (DNSSEC for Humans). It
handles re-signing and keyrolls in a manner that looks fairly
manageable. (I'm not using BIND for signing, so this is based on the
documentation.)
For testing and management, I use dig, part of the BIND distribution,
drill from nllabs.nl, a source of lots of fine DNS related stuff, and
http://dnscheck.se. The latter is a test suite that includes tests of
DNSSEC. You can install the tests on a local system or run them on the
web site.
I also urge you to get a copy of NIST SP800-81r1, an excellent overview
and how-to on DNS security that goes well beyond DNSSEC. It is at:
http://csrc.nist.gov/publications/drafts/800-81-rev1/nist_draft_sp800-81r1-round2.pdf.
It is still in draft, but is close to being finalized.
Kevin..
Thx for all the info..
Especially thx for the links..
Charles