[retronet] DNSSEC…
John P. Willis
jpw at coherent-logic.com
Fri Aug 31 13:39:05 MDT 2018
----- On Aug 31, 2018, at 12:36 PM, gtaylor gtaylor at tnetconsulting.net wrote:
> On 08/31/2018 12:20 PM, John Willis wrote:
>> I need to look into this for my DNS servers as well.
>
> I can HIGHLY recommend Michael W. Lucas's DNSSEC Mastery book. That's
> where I learned what I did to enable DNSSEC.
>
> Link - DNSSEC Mastery: Securing the Domain Name Service with BIND —
> Tilted Windmill Press
> -
> https://www.tiltedwindmillpress.com/?product=dnssec-mastery-securing-the-domain-name-service-with-bind-ebook
>
Thanks!
> I highly recommend all of Michael's MASTERY books.
>
>> Also, I need to enable port randomization.
>
> I thought recent versions of BIND did that by default. Or is that a
> config option that modern distros have enabled (or at least don't
> disable) in their stock config file?
>
There was some detail (since lost to the passage of time, but
I believe having to do with a much older revision of my network) that
made port randomization break, so I turned it off, with an eye to
resolving it later. Later never came ;-)
Your gentle prodding about security may be just what I need to inspire
activity on this.
>
>
> --
> Grant. . . .
> unix || die
>
>
> _______________________________________________
> retronet mailing list
> retronet at mailman.chivanet.org
> http://mailman.chivanet.org/listinfo/retronet
More information about the RetroNet
mailing list