Blog/content/posts/2017-01-30-my-take-on-dnssec-part-3-how-to-configure-it-in-bind-cancelled.md
2017-10-09 12:03:43 +02:00

35 lines
1.5 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
title: 'My Take on DNSSEC Part 3: How to configure it in BIND (cancelled)'
author: eNBeWe
type: post
date: 2017-01-30T14:29:37+00:00
url: /2017/01/30/my-take-on-dnssec-part-3-how-to-configure-it-in-bind-cancelled/
categories:
- Allgemein
- Internes
- Serveradministration
tags:
- bind
- DNS
- DNSSEC
- Knot DNS
- yadifa
---
Just as a quick note here:
I originally planned to do my third part on DNSSEC with configuration hints using the popular DNS server [BIND][1]. At the moment I also use BIND for my setup.
Now I discovered the "Advanced Secuity Notifications" at ISC, which sells prior warnings about security issues in BIND. Personally, I don't want to support this model.
Instead I am currently migrating to another DNS server implemenation, [YADIFA][2], which I will then write about. But first I need to check my setup using this server.
<!--more-->
**Update:** Maybe I will switch to [Knot DNS][3] instead of YADIFA. They seem to be both fairly equal in features. To the outside spectator YADIFA seems to be a dead project, even though they published a release in mid-december. The development is done by EUnic, the guys behind maintaining the .eu-domain. They seem to have some internal development/issue tracking/etc. and they only send the releases to GitHub.
In contrast, Knot DNS, being maintained by cz.nic, is more open in their development.
[1]: https://www.isc.org/downloads/bind/
[2]: http://www.yadifa.eu/
[3]: https://www.knot-dns.cz