-1

I have a question about the implementation of DNSSEC. I have a DNS Server and I want to implement DNSSEC, but I can't find documentation for this. I have a lot of confusion about this topic since there is little documentation and little precision. Could someone provide me documentation to get started?

My main problem is that I do not understand the concrete procedure, since some of the solutions that I have found are very poor.

Secespitus
  • 111
  • 5
Fabio Orefice Amez
  • 35
  • 5
  • Your question is kind of offtopic here and far too vague... depending on your constraints (such as, among other things, number and size of your zones, using an HSM or SoftHSM, dealing with secondaries you control or not, depending on TLDs and automation to change the DS for the KSK, if you need a DPS or not - see RFC6841 - if you want to do offline or online signing, etc.) there could be a lot of different ways to "do DNSSEC". You first need to be clear on how the DNS itself work, the crypto basis behing DNSSEC, what is a NSEC/NSEC3, etc. – Patrick Mevzek Jun 17 '19 at 02:27
  • 1
    In questions like that when you say "since some of the solutions that I have found are very poor." you should list which solutions you saw and why you define them as "poor". This would help people not giving you back solutions you have already seen and knowing what you find poor may help find out your constraints (or correct some misunderstandings - DNSSEC is not really for the faint of heart) and hence better solutions. – Patrick Mevzek Jun 17 '19 at 02:31

1 Answers1

3

A Google search for bind dnssec returns a lot of relevant results. Two that look particularly promising are:

And for a broader explanation of DNSSEC, not specifically related to bind:

Doug Deden
  • 1,796
  • 6
  • 10