This is the full list of all DNS/DNSSEC related articles on my blog, starting from the basics (BIND installation) to more details such as key rollover and NSEC3.
Basic DNS and DNSSEC Validation
- Basic BIND Installation
- BIND DNSSEC Validation
- DNSSEC Validation with Unbound on a Raspberry
- Pi-hole Installation Guide
- DNS Capture: UDP, IP-Fragmentation, TCP, EDNS, ECS, Cookie
- Single DNS Query – Hundreds of Packets
DNSSEC Signing
- DNSSEC Signing w/ BIND
- Signing a Subdomain
- DNSSEC with NSEC3
- ZSK Key Rollover
- KSK Key Rollover
- KSK Emergency Rollover
- Signed DNS Zone with too long-living TTLs
- BIND Inline-Signing Serial Numbers Cruncher
DNSSEC Extensions
- How to use DANE/TLSA
- SSHFP: Authenticate SSH Fingerprints via DNSSEC
- CAA: DNS Certification Authority Authorization
- PGP Key Distribution via DNSSEC: OPENPGPKEY
Test & Troubleshooting
- Dive into delv: DNSSEC Validation
- Compare & Troubleshoot DNS Servers: dnseval
- Detect DNS Spoofing: dnstraceroute
- DNS Test Names & Resource Records
- DNS Capture – The Records Edition
- How to walk DNSSEC Zones: dnsrecon
- All-in-One DNS Tool: Domain Analyzer
- Benchmarking DNS: namebench & dnseval
Future Work
External Links
- a local, augmented root-zone with DNSSEC
- Cloudflare: DNS Encryption Explained
- [Talk] Carsten Strotmann: DoH or Don’t
Featured image: “Security – Dictionary” by American Advisors Group is licensed under CC BY-SA 2.0.
One thought on “DNS”