5893debf46
I've used the following command to remove the trailing whitespace for all tracked text files: git grep -Il '' | xargs sed -i 's/[ \t]*$//'
3.1 KiB
Preface
Organization
This document provides introductory information on how DNSSEC works, how to configure BIND 9 to support some common DNSSEC features, and some basic troubleshooting tips. The chapters are organized as follows:
dnssec_guide_introduction covers the intended audience
for this document, assumed background knowledge, and a basic
introduction to the topic of DNSSEC.
getting_started
covers various requirements before implementing DNSSEC, such as software
versions, hardware capacity, network requirements, and security
changes.
dnssec_validation
walks through setting up a validating resolver, and gives both more
information on the validation process and some examples of tools to
verify that the resolver is properly validating answers.
dnssec_signing
explains how to set up a basic signed authoritative zone, details the
relationship between a child and a parent zone, and discusses ongoing
maintenance tasks.
dnssec_troubleshooting provides some tips on how to
analyze and diagnose DNSSEC-related problems.
dnssec_advanced_discussions covers several topics,
including key generation, key storage, key management, NSEC and NSEC3,
and some disadvantages of DNSSEC.
dnssec_recipes
provides several working examples of common DNSSEC solutions, with
step-by-step details.
dnssec_commonly_asked_questions lists some commonly
asked questions and answers about DNSSEC.
Acknowledgements
This document was originally authored by Josh Kuo of DeepDive Networking. He can be reached at josh.kuo@gmail.com.
Thanks to the following individuals (in no particular order) who have helped in completing this document: Jeremy C. Reed, Heidi Schempf, Stephen Morris, Jeff Osborn, Vicky Risk, Jim Martin, Evan Hunt, Mark Andrews, Michael McNally, Kelli Blucher, Chuck Aurora, Francis Dupont, Rob Nagy, Ray Bellis, Matthijs Mekking, and Suzanne Goldlust.
Special thanks goes to Cricket Liu and Matt Larson for their selflessness in knowledge sharing.
Thanks to all the reviewers and contributors, including John Allen, Jim Young, Tony Finch, Timothe Litt, and Dr. Jeffry A. Spain.
The sections on key rollover and key timing metadata borrowed heavily
from the Internet Engineering Task Force draft titled "DNSSEC Key Timing
Considerations" by S. Morris, J. Ihren, J. Dickinson, and W. Mekking,
subsequently published as 7583.
Icons made by Freepik and SimpleIcon from Flaticon, licensed under Creative Commons BY 3.0.