Date:      Wed, 23 Jul 2008 15:38:55 +0200
From:      Ruben van Staveren <ruben@verweg.com>
To:        Kevin Oberman <oberman@es.net>
Cc:        Doug Barton <dougb@FreeBSD.org>, freebsd-stable@freebsd.org, Paul Schmehl <pschmehl@tx.rr.com>
Subject:   Re: FreeBSD 7.1 and BIND exploit 
Message-ID:  <3200E316-1DD0-4B44-B7F6-CDFF689F00DB@verweg.com>
In-Reply-To: <20080722214925.390584500E@ptavv.es.net>
References:  <20080722214925.390584500E@ptavv.es.net>

On 22 Jul 2008, at 23:49, Kevin Oberman wrote:

>> Someone needs to write a really good tutorial on dnssec.  The bits and
>> pieces are scattered about the web, but explanations of how to publish
>> your keys, to whom they need to be published and what is involved in
>> the ongoing maintenance are lacking.  Especially a clear explanation
>> of what is required to run both keyed and "legacy" dns at the same
>> time.

Another piece of text can be found at

http://www.nlnetlabs.nl/dnssec_howto/

> I can't imagine why anyone would want to run both. Resolvers which don't
> know how to check signatures simply don't do so and everything still
> works.
>
> A pretty good, though somewhat outdated tutorial can be found in NIST
> SP800-81. It's pretty readable and tells you how to generate keys and
> sign a zone properly.
> http://csrc.nist.gov/publications/nistpubs/800-81/SP800-81.pdf

Regards,
	Ruben
