On Tue, Nov 21, 2000 at 09:02:29PM +0000, John P . Looney wrote:
> "Secure DNS - A version of the DNS or Domain Name Service enhanced with
> authentication services. This is being designed by the IETF DNS security
> working group. The BIND 8.2 implementation is available for download"
>> Does anyone know if the standard Bind 8.2.2 that ships with most current
> OSes has support for secure DNS by default, or is it "upgrade to Bind
> 9"/"recompile 8.2.2 with this patch time" ?
BIND 8 has support for serving a signed zone only. The tools to sign
zones are rubbish and almost entirely undocumented.
BIND 9 serves signed zones without a (known) problem, the complementary
tools are approaching useable and it has experimental support for
DNSSEC-aware recursive resolution.
Both BIND 8 and 9 fully support TSIG --- shared secret hashing.
NL Labs have done a lot of work in this area.
http://www.nlnetlabs.nl/dnssec/
james
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
