Deploying DNSSEC: Validation on recursive caching name servers

SURFnet whitepaper on deploying DNSSECWhy should you deploy DNSSEC-validating DNS resolvers on your network?  What kind of planning should you do to prepare? What steps do you need to do?

The team at SURFnet has published a whitepaper titled “Deploying DNSSEC: Validation on recursive caching name servers” (direct link to PDF) that answers these specific questions and much more.  The document covers:

  • Cost and benefits of deploying DNSSEC
  • DNS architecture
  • Requirements before deployment
  • Planning your deployment
  • Operational requirements and practices

The document then gets into specific step-by-step instructions for three of the most common DNS resolvers:

  • BIND 9.x
  • Unbound
  • Microsoft Windows Server 2012

For people looking to deploy DNSSEC-validation within their network, this guide provides an excellent way to get started.

October 23rd, 2012 by | Posted in DNSSEC, Tutorials, Whitepapers | Tags: | 5 Comments

5 Responses to Deploying DNSSEC: Validation on recursive caching name servers

  1. […] then… can you set up DNSSEC validation on your own network?  That will help you get the benefit of the added security of DNSSEC in your own usage of the […]

  2. […] P.S. While you are in there updating your DNS resolver, if you are using BIND or Unbound, why not enable DNSSEC validation?  It’s a simple change in the configuration file, as shown in this SURFnet white paper. […]

  3. […] you need to configure DNSSEC validation, we recommend SURFnet’s white paper that includes easy steps for common DNS […]

Leave a Reply

Your email address will not be published. Required fields are marked *