Blogs

Last modified: January 30, 2014
  • Using the root DNSSEC key in BIND 9 resolvers

    To use the signed root zone in DNSSEC validation in your BIND 9 resolvers, you must be running BIND 9.6.2 or higher. Earlier versions do not support the required algorithms to enable validation using the root zone’s key. It is strongly recommended you run BIND 9.7 to use the automatic key updating functionality. The recommended procedure to use differs for

  • What’s happening with DLV?

    Now that the root zone has been officially signed, what happens with ISC’s DNSSEC Look-aside Validation Registry? The short answer is, it gets smaller, but does not go away, at least not today. While having the root signed is a critically important step in the DNSSEC deployment effort, it is not the final step. It’s the one that enables a

  • Backwards compatibility issues in BIND 9.7.0 and 9.7.1

    ISC has announced that there were some backwards compatibility problems in the 9.7.1 release. Here is a bit more information on the topic. These problems were also in 9.7.0. The first issue was a problem in how those versions of BIND 9 processed certain formats of negative responses. In particular, BIND 9’s internal logic expected certain records to be present

  • Towards a DNSCERT Definition

    To mix metaphors, my e-mail has been ringing off the hook after my previous article (“Perspectives on a DNS-CERT”) and I’ve had to think deep and difficult thoughts about what we really mean by DNSCERT, and whether DNS-OARC really has the capability or really can grow the capability to operate such a thing. I’ve had some discussions with ICANN and

  • BIND 9.7.2 and automatic DNSSEC signing

    BIND 9.7.0 introduced automatic in-server signature refreshing and automatic key rollover. This allows BIND 9.7, if provided with the DNSSEC private key files, to sign records as they are added to the zone, or as the signatures need to be refreshed. This refresh happens periodically to spread out the load on the server and to even out zone transfer load.
