This is the full list of all DNSSEC related articles on my blog, starting from the basics (BIND installation) unto more details such as key rollover and NSEC3.
Basic DNS and DNSSEC Validation
- Basic BIND Installation
- BIND DNSSEC Validation
- DNSSEC Validation with Unbound on a Raspberry
- Pi-hole Installation Guide
- DNS Capture: UDP, IP-Fragmentation, TCP, EDNS, ECS, Cookie
- Single DNS Query – Hundreds of Packets
DNSSEC Signing
- DNSSEC Signing w/ BIND
- Signing a Subdomain
- DNSSEC with NSEC3
- ZSK Key Rollover
- KSK Key Rollover
- KSK Emergency Rollover
- Signed DNS Zone with too long-living TTLs
- BIND Inline-Signing Serial Numbers Cruncher
DNSSEC Extensions
- How to use DANE/TLSA
- SSHFP: Authenticate SSH Fingerprints via DNSSEC
- CAA: DNS Certification Authority Authorization
- PGP Key Distribution via DNSSEC: OPENPGPKEY
Test & Troubleshooting
- Dive into delv: DNSSEC Validation
- Compare & Troubleshoot DNS Servers: dnseval
- Detect DNS Spoofing: dnstraceroute
- DNS Test Names & Resource Records
- DNS Capture – The Records Edition
- How to walk DNSSEC Zones: dnsrecon
- All-in-One DNS Tool: Domain Analyzer
- Benchmarking DNS: namebench & dnseval
Future Work
External Links
- a local, augmented root-zone with DNSSEC
- Cloudflare: DNS Encryption Explained
- [Talk] Carsten Strotmann: DoH or Don’t
Featured image: “Security – Dictionary” by American Advisors Group is licensed under CC BY-SA 2.0.
One thought on “DNSSEC”