Tag: dlv
DNSSEC at home
by balleman on Jul.17, 2010, under Happenings, Networking
Since the root zone was signed this week, I spent a bit of time today setting up DNSSEC validation on my home recursive server. It was relatively painless (so far). I did opt to not enable DLV though – not fond of it receiving every host name I resolve.
Resources:
- RHEL RPMs from http://people.redhat.com/atkac/bind/5.6-test/ – if someone finds a better source for BIND 9.7+ RHEL RPMs, I’d like to know. I had no luck building from the Fedora SRPMs.
- http://www.isc.org/community/blog/201007/using-root-dnssec-key-bind-9-resolvers – instructions for setting up BIND to use the root key.
- http://fanf.livejournal.com/107310.html – A more thorough walk-through of setup.
One resource I would have liked to find and could not was a deliberately unvalidatable non-root zone/record that could be used to see a validation failure. If anyone knows of or finds such a thing, please pass it along. Now we get to wait for .com, .net, etc, to catch up to .bg and .uk in the publishing of DS glue for deeper validation.
UPDATE 7/22/10: Just found the following site which makes available bad records for testing purposes: http://dnssec-tools.org/testzone/index.html