1 .. Copyright (C) Internet Systems Consortium, Inc. ("ISC") 2 .. 3 .. SPDX-License-Identifier: MPL-2.0 4 .. 5 .. This Source Code Form is subject to the terms of the Mozilla Public 6 .. License, v. 2.0. If a copy of the MPL was not distributed with this 7 .. file, you can obtain one at https://mozilla.org/MPL/2.0/. 8 .. 9 .. See the COPYRIGHT file distributed with this work for additional 10 .. information regarding copyright ownership. 11 12 Preface 13 ------- 14 15 .. _preface_organization: 16 17 Organization 18 ~~~~~~~~~~~~ 19 20 This document provides introductory information on how DNSSEC works, how 21 to configure BIND 9 to support some common DNSSEC features, and 22 some basic troubleshooting tips. The chapters are organized as follows: 23 24 :ref:`dnssec_guide_introduction` covers the intended audience for this 25 document, assumed background knowledge, and a basic introduction to the 26 topic of DNSSEC. 27 28 :ref:`getting_started` covers various requirements 29 before implementing DNSSEC, such as software versions, hardware 30 capacity, network requirements, and security changes. 31 32 :ref:`dnssec_validation` walks through setting up a validating 33 resolver, and gives both more information on the validation process and 34 some examples of tools to verify that the resolver is properly validating 35 answers. 36 37 :ref:`dnssec_signing` explains how to set up a basic signed 38 authoritative zone, details the relationship between a child and a parent zone, 39 and discusses ongoing maintenance tasks. 40 41 :ref:`dnssec_troubleshooting` provides some tips on how to analyze 42 and diagnose DNSSEC-related problems. 43 44 :ref:`dnssec_advanced_discussions` covers several topics, including key 45 generation, key storage, key management, NSEC and NSEC3, and some 46 disadvantages of DNSSEC. 47 48 :ref:`dnssec_recipes` provides several working examples of common DNSSEC 49 solutions, with step-by-step details. 50 51 :ref:`dnssec_commonly_asked_questions` lists some commonly asked 52 questions and answers about DNSSEC. 53 54 .. _preface_acknowledgement: 55 56 Acknowledgements 57 ~~~~~~~~~~~~~~~~ 58 59 This document was originally authored by Josh Kuo of `DeepDive 60 Networking <https://www.deepdivenetworking.com/>`__. He can be reached 61 at josh.kuo (a] gmail.com. 62 63 Thanks to the following individuals (in no particular order) who have 64 helped in completing this document: Jeremy C. Reed, Heidi Schempf, 65 Stephen Morris, Jeff Osborn, Vicky Risk, Jim Martin, Evan Hunt, Mark 66 Andrews, Michael McNally, Kelli Blucher, Chuck Aurora, Francis Dupont, 67 Rob Nagy, Ray Bellis, Matthijs Mekking, and Suzanne Goldlust. 68 69 Special thanks goes to Cricket Liu and Matt Larson for their 70 selflessness in knowledge sharing. 71 72 Thanks to all the reviewers and contributors, including John Allen, Jim 73 Young, Tony Finch, Timothe Litt, and Dr. Jeffry A. Spain. 74 75 The sections on key rollover and key timing metadata borrowed heavily 76 from the Internet Engineering Task Force draft titled "DNSSEC Key Timing 77 Considerations" by S. Morris, J. Ihren, J. Dickinson, and W. Mekking, 78 subsequently published as :rfc:`7583`. 79 80 Icons made by `Freepik <https://www.freepik.com/>`__ and 81 `SimpleIcon <https://simpleicon.com/>`__ from 82 `Flaticon <https://www.flaticon.com/>`__, licensed under `Creative Commons BY 83 3.0 <https://creativecommons.org/licenses/by/3.0/>`__. 84
Indexes created Sun May 03 00:22:47 UTC 2026