An introduction to signing, deploying, validating, maintaining, and troubleshooting signed DNS zones. Includes many real-world examples for the DNS server, DNS libraries, and related tools for implementing and testing DNSSEC. (ISC BIND 9 and BIND 10 is covered for DNSSEC and other DNSSEC software and tools are introduced.) This book also introduces DNSSEC-enabled resolver functions so developers can take advantage of signed zones in their own code. While the main focus is signing DNS records, Beginning DNSSEC also covers securing communications between DNS servers.
The book covers: DNS background and basics, security issues related to DNS, history of DNSSEC, DNSSEC goals, beginning public key cryptography, EDNS0, DNSSEC flags and resource records, query tool examples, validating resolver configurations, troubleshooting techniques, server configurations and signing zones, key and zone maintenance, working with registrars and parent zones, DNSSEC-related tools, and more.