Just as a quick note here:
I originally planned to do my third part on DNSSEC with configuration hints using the popular DNS server BIND. At the moment I also use BIND for my setup.
Now I discovered the “Advanced Secuity Notifications” at ISC, which sells prior warnings about security issues in BIND. Personally, I don’t want to support this model.
Instead I am currently migrating to another DNS server implemenation, YADIFA, which I will then write about. But first I need to check my setup using this server.