Blog/content/posts/2017-01-30-my-take-on-dnssec-part-3-how-to-configure-it-in-bind-cancelled.md
2017-10-09 12:03:43 +02:00

1.5 KiB
Raw Permalink Blame History

title author type date url categories tags
My Take on DNSSEC Part 3: How to configure it in BIND (cancelled) eNBeWe post 2017-01-30T14:29:37+00:00 /2017/01/30/my-take-on-dnssec-part-3-how-to-configure-it-in-bind-cancelled/
Allgemein
Internes
Serveradministration
bind
DNS
DNSSEC
Knot DNS
yadifa

Just as a quick note here:

I originally planned to do my third part on DNSSEC with configuration hints using the popular DNS server BIND. At the moment I also use BIND for my setup.

Now I discovered the "Advanced Secuity Notifications" at ISC, which sells prior warnings about security issues in BIND. Personally, I don't want to support this model.

Instead I am currently migrating to another DNS server implemenation, YADIFA, which I will then write about. But first I need to check my setup using this server.

Update: Maybe I will switch to Knot DNS instead of YADIFA. They seem to be both fairly equal in features. To the outside spectator YADIFA seems to be a dead project, even though they published a release in mid-december. The development is done by EUnic, the guys behind maintaining the .eu-domain. They seem to have some internal development/issue tracking/etc. and they only send the releases to GitHub.

In contrast, Knot DNS, being maintained by cz.nic, is more open in their development.