How do you get started with deploying DNSSEC-validating DNS servers on your network? What kind of planning should you undertake? What are the steps you need to go through?
The team over at SURFnet in the Netherlands recently released an excellent whitepaper that goes into the importance of setting up DNSSEC validation, the requirements for using validation, the planning process you should use, etc.
As we note on our resource page about the whitepaper, the document then walks through the specific steps for setting up DNSSEC validation in three of the common DNS resolvers:
- BIND 9.x
- Microsoft Windows Server 2012
For us to get DNSSEC widely available we need to have DNS resolvers on networks performing the actual validation of DNS queries using DNSSEC. This guide is a great way to get started.
Have you enabled DNSSEC validation on your network?