Tag Archives: DNS

DNSSEC and OpenDNSSEC

At this years The Camp Martin Toft and I held a talk about DNSSEC and OpenDNSSEC. A video of the talk, slides etc. are available here or on youtube. The talk is in danish but the slides and installation documentation is in english. Jump about 1 hour and 10 minutes ahead in the video if you already know how DNS and DNSSEC works but is interested in how to set it up with e.g. OpenDNSSEC.Lego illusttration of OpenDNSSEC signing zones

We have tried to be pedagogic about how DNSSEC works with slides spiced up with images of Lego and other fun stuff. Some examples are inserted here in the blog post.

Currently i have set a server up with OpenDNSSEC which takes care of zone signing. On my todo list is to check out Bind 9.9 Remember to guard over your private keywhich more or less can do what ods-signerd from OpenDNSSEC can do, but automatic key-generation, key-rollover, upload to parent etc. that ods-enforcerd takes care of is not implemented in Bind (yet?). dnssec-tools.org seem to have something that might do the job instead of ods-enforcerd – I have to try that out. If you have any experience with tools similar to OpenDNSSEC, whether that being the tools included in Bind or other tools, feel free to write a comment or send me an e-mail with your experience.

Preparing Lego slides in the office