Paranoid Penguin - DNS Cache Poisoning, Part II: DNSSEC Validation
And with that, your nameserver is successfully validating signed zone data! For now, I wish you thanks and goodbye. As I seem to do every couple years, I'm going to take a hiatus for a few months. I do plan on resuming the Paranoid Penguin after that, however, refreshed and renewed for your reading pleasure.
Until then, take care of yourself and especially your Linux systems!
DNSSEC—the DNS Security Extensions—Protocol Home Page: www.dnssec.net
Alan Clegg's “DNSSEC—Living and Loving Life after Kaminsky; Or: How I overcame my fear and signed my zones.” Presentation to REN-ISAC on 10-30-2008: www.ren-isac.net/techburst/hardcopy/ren-isac_techburst_20081030_clegg_dnssec.pdf
Geoff Huston's “A Fundamental Look at DNSSEC, Deployment, and DNS Security Extensions”: www.circleid.com/posts/dnssec_deployment_and_dns_security_extensions
Ubuntu 10.10 Server Guide: “Chapter 7. Domain Name System (DNS)”: https://help.ubuntu.com/10.10/serverguide/C/dns.html
BIND 9.7 Administrator's Reference Manual (ARM): ftp.isc.org/isc/bind9/cur/9.7/doc/arm/Bv9ARM.pdf
Tony Finch's “How to set up DNSSEC validation with BIND-9.7”: fanf.livejournal.com/107310.html
Mick Bauer (email@example.com) is Network Security Architect for one of the US's largest banks. He is the author of the O'Reilly book Linux Server Security, 2nd edition (formerly called Building Secure Servers With Linux), an occasional presenter at information security conferences and composer of the “Network Engineering Polka”.
- Django Models and Migrations
- Hacking a Safe with Bash
- Secure Server Deployments in Hostile Territory, Part II
- Huge Package Overhaul for Debian and Ubuntu
- Home Automation with Raspberry Pi
- The Controversy Behind Canonical's Intellectual Property Policy
- Shashlik - a Tasty New Android Simulator
- Embed Linux in Monitoring and Control Systems
- diff -u: What's New in Kernel Development
- KDE Reveals Plasma Mobile