Ches’s blog
I am running through DNSSEC in Six Minutes (http://www.isc.org/sw/bind/docs/DNSSEC_in_6_minutes.pdf) for cheswick.com and affiliated domains. This is something we have to do to really deal with the recent emergence of DNS cache poisoning.
Alas, it is taking a lot longer than six minutes, and some of the directions aren’t quite clear enough. This zone signing stuff requires automation of DNS master files of the sort I used to do with the makefile back at the Labs 15 years ago. I have been running cheswick.com with a small hand-edited config file, but this has to change.
I wonder if I will break this enough to destroy cheswick.com for Labor Day weekend, coming home to a fun sysadmin problem. In any case, this is good practice to keep my hand in at sysadmin issues. I don’t run research.att.com any more. (This is probably a good thing.)
Do I have to recompile bind 9 in the system? Use the ports version? Google hits are not helping. Time to go to the beach and read something trashy.
Thursday, August 28, 2008
DNSSEC for cheswick.com