Deploy360 23 October 2012

Deploying DNSSEC: Validation on recursive caching name servers

SURFnet whitepaper on deploying DNSSECWhy should you deploy DNSSEC-validating DNS resolvers on your network?  What kind of planning should you do to prepare? What steps do you need to do?

The team at SURFnet has published a whitepaper titled “Deploying DNSSEC: Validation on recursive caching name servers” (PDF) that answers these specific questions and much more.  The document covers:

  • Cost and benefits of deploying DNSSEC
  • DNS architecture
  • Requirements before deployment
  • Planning your deployment
  • Operational requirements and practices

The document then gets into specific step-by-step instructions for three of the most common DNS resolvers:

  • BIND 9.x
  • Unbound
  • Microsoft Windows Server 2012

For people looking to deploy DNSSEC-validation within their network, this guide provides an excellent way to get started.

Related articles

Deploy360 1 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

Almost every time we use an Internet application, it starts with a Domain Name System (DNS) transaction to map...

Deploy360 1 March 2019

IPv6 Security for IPv4 Engineers

This document provides an overview of IPv6 security that is specifically aimed at IPv4 engineers and operators. Rather than...

Deploy360 27 February 2019

Introduction to DNS Privacy

Abstract Almost every time we use an Internet application, it starts with a Domain Name System (DNS) transaction to...