securing bind in todays hostile environment
Grant Taylor
gtaylor at tnetconsulting.net
Sun Jan 19 17:31:14 UTC 2020
On 1/19/20 4:01 AM, N. Max Pierson wrote:
> I honestly couldn’t tell you either way as I have not even begun
> to start to dive into DNSSEC.
I can recommend the following book from Michael W. Lucas / @mwlauthor
and say that it provides a good, actionable, introduction to DNSSEC.
Link - DNSSEC Mastery: Securing the Domain Name Service with BIND (ebook)
-
https://www.tiltedwindmillpress.com/product/dnssec-mastery-securing-the-domain-name-service-with-bind-ebook/
Disclaimer: I'm not associated with Michael. We do pester each other
on Twitter. I have tech reviewed some of his other book.
I've found all of his Mastery books to be packed with actionable
information and well worth the price (< $20).
I prefer to buy the books directly from Michael's site, Tilted Windmill
Press, to avoid the overhead & fees with thee other typical outlets.
Word to the wise: Be mindful of the recent SHA1 chosen prefix attacks
when starting with DNSSEC. This mostly means that you just choose
other, newer, algorithms to use when deploying DNSSEC.
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4013 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20200119/202ca6c0/attachment.bin>
More information about the bind-users
mailing list