My Take on DNSSEC – Part 3: How to configure it in BIND (cancelled)

Just as a quick note here:

I originally planned to do my third part on DNSSEC with configuration hints using the popular DNS server BIND. At the moment I also use BIND for my setup.

Now I discovered the “Advanced Secuity Notifications” at ISC, which sells prior warnings about security issues in BIND. Personally, I don’t want to support this model.

Instead I am currently migrating to another DNS server implemenation, YADIFA, which I will then write about. But first I need to check my setup using this server.

My Take on DNSSEC – Part 2: How does it work?

As I already explained in Part 1, the current state of DNS is pretty insecure. The goal of DNSSEC is to improve this situation. Here is how that (should) work. I won’t go into cryptographic details here, but just show the general behaviour.

My take on DNSSEC – Part 1: Why do I need that?

DNS is probably one of the most important protocols on the internet. Everybody uses it countless times each day, usually without even noticing it. Every time somebody visits any website, every time somebody sends a mail, every time somebody wants to do literallly ANYTHING on the internet, a DNS server is involved.