Paranoid Penguin - DNS Cache Poisoning, Part II: DNSSEC Validation
And with that, your nameserver is successfully validating signed zone data! For now, I wish you thanks and goodbye. As I seem to do every couple years, I'm going to take a hiatus for a few months. I do plan on resuming the Paranoid Penguin after that, however, refreshed and renewed for your reading pleasure.
Until then, take care of yourself and especially your Linux systems!
DNSSEC—the DNS Security Extensions—Protocol Home Page: www.dnssec.net
Alan Clegg's “DNSSEC—Living and Loving Life after Kaminsky; Or: How I overcame my fear and signed my zones.” Presentation to REN-ISAC on 10-30-2008: www.ren-isac.net/techburst/hardcopy/ren-isac_techburst_20081030_clegg_dnssec.pdf
Geoff Huston's “A Fundamental Look at DNSSEC, Deployment, and DNS Security Extensions”: www.circleid.com/posts/dnssec_deployment_and_dns_security_extensions
Ubuntu 10.10 Server Guide: “Chapter 7. Domain Name System (DNS)”: https://help.ubuntu.com/10.10/serverguide/C/dns.html
BIND 9.7 Administrator's Reference Manual (ARM): ftp.isc.org/isc/bind9/cur/9.7/doc/arm/Bv9ARM.pdf
Tony Finch's “How to set up DNSSEC validation with BIND-9.7”: fanf.livejournal.com/107310.html
Mick Bauer (firstname.lastname@example.org) is Network Security Architect for one of the US's largest banks. He is the author of the O'Reilly book Linux Server Security, 2nd edition (formerly called Building Secure Servers With Linux), an occasional presenter at information security conferences and composer of the “Network Engineering Polka”.
- Stepping into Science
- Qu’est-ce qu’on a fait au Bon Dieu ? Télécharger Le Film Complet Gratuit
- CORSAIR's Carbide Air 740
- A Better Raspberry Pi Streaming Solution
- Linux Journal December 2016
- Custom checks and notifications for Nagios
- Tyson Foods Honored as SUSE Customer of the Year
- FutureVault Inc.'s FutureVault
- Radio Free Linux
- The Tiny Internet Project, Part II