FreeBSD 7.1 and BIND exploit
Ruben van Staveren
ruben at verweg.com
Wed Jul 23 13:39:16 UTC 2008
On 22 Jul 2008, at 23:49, Kevin Oberman wrote:
>> Someone needs to write a really good tutorial on dnssec. The bits
>> and
>> pieces are scattered about the web, but explanations of now to
>> publish
>> your keys, to whom they need to be published and what is involved in
>> the ongoing maintenance are lacking. Especially a clear explanation
>> of what is required to run both keyed and "legacy" dns at the same
>> time.
Another piece of text can be found at
http://www.nlnetlabs.nl/dnssec_howto/
> I can't imagine why anyone would want to run both. Resolvers which
> don't
> know how to check signatures simple don't do so and everything still
> works.
>
> A pretty good, though somewhat outdated tutorial can be found in NIST
> SP800-81. It's pretty readable and tells you how to generate keys and
> sign a zone properly.
> http://csrc.nist.gov/publications/nistpubs/800-81/SP800-81.pdf
Regards,
Ruben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20080723/68ed5caf/PGP.pgp
More information about the freebsd-stable
mailing list