Comments on: Enabling DNSSEC on BIND http://blog.techscrawl.com/2009/01/13/enabling-dnssec-on-bind/ TechScrawl is a technology blog focusing on a wide variety of technology related areas including enterprise IT, information security, penetration testing, networking, virtualization, and Windows & Linux administration. Wed, 03 Mar 2010 23:32:25 +0000 http://wordpress.com/ hourly 1 By: Tom Dickson http://blog.techscrawl.com/2009/01/13/enabling-dnssec-on-bind/#comment-320 Tom Dickson Thu, 11 Feb 2010 07:51:41 +0000 http://blog.techscrawl.com/?p=539#comment-320 I tried getting this setup, but it wouldn't work. I used dnssec-signzone -N INCREMENT -a -t -g -o example.com example.com.zone and that seemed to work fine, but once I added trusted-keys to my caching resolved, it refused to do anything, insisiting that it was "not insecure resolving". I tried getting this setup, but it wouldn’t work.

I used dnssec-signzone -N INCREMENT -a -t -g -o example.com example.com.zone and that seemed to work fine, but once I added trusted-keys to my caching resolved, it refused to do anything, insisiting that it was “not insecure resolving”.

]]> By: Alan Clegg http://blog.techscrawl.com/2009/01/13/enabling-dnssec-on-bind/#comment-314 Alan Clegg Sat, 30 Jan 2010 14:00:48 +0000 http://blog.techscrawl.com/?p=539#comment-314 Thanks for the shout-out. :) If you have any questions or comments on the "DNSSEC in 6 minutes", please let me know. Also, be aware that the newly available BIND 9.7 (featuring "DNSSEC for humans") makes DNSSEC much easier to manage (from the authoritative side). The first bits of the root being signed have now hit the world ("dig @l.root-servers.net . ns +dnssec") but are not yet able to be used for validation. Thanks for the shout-out. :) If you have any questions or comments on the “DNSSEC in 6 minutes”, please let me know.

Also, be aware that the newly available BIND 9.7 (featuring “DNSSEC for humans”) makes DNSSEC much easier to manage (from the authoritative side).

The first bits of the root being signed have now hit the world (“dig @l.root-servers.net . ns +dnssec”) but are not yet able to be used for validation.

]]> By: Andy Steingruebl http://blog.techscrawl.com/2009/01/13/enabling-dnssec-on-bind/#comment-163 Andy Steingruebl Wed, 14 Jan 2009 00:25:43 +0000 http://blog.techscrawl.com/?p=539#comment-163 Thanks. This is an excellent summary and quite handy. Thanks. This is an excellent summary and quite handy.

]]>