[ILUG] secure DNS...
james-ilug at now.ie
Wed Nov 22 11:06:19 GMT 2000
On Tue, Nov 21, 2000 at 09:02:29PM +0000, John P. Looney wrote:
> "Secure DNS - A version of the DNS or Domain Name Service enhanced with
> authentication services. This is being designed by the IETF DNS security
> working group. The BIND 8.2 implementation is available for download"
>
> Does anyone know if the standard Bind 8.2.2 that ships with most current
> OSes has support for secure DNS by default, or is it "upgrade to Bind
> 9"/"recompile 8.2.2 with this patch time" ?

BIND 8 has support for serving a signed zone only. The tools to sign
zones are rubbish and almost entirely undocumented.

BIND 9 serves signed zones without a (known) problem, the complementary
tools are approaching useable and it has experimental support for
DNSSEC-aware recursive resolution.

Both BIND 8 and 9 fully support TSIG --- shared secret hashing.

NL Labs have done a lot of work in this area.