Greetings! I'm doing a good bit of work with DNSSEC these days and would like to set up my ASG to provide DNSSEC validation for my home network.
Essentially when the ASG makes a DNS query it would also query for relevant DNSSEC records (RRSIGs) and then use them to validate that the DNS records were not changed in transit. I've raised a feature request for this (additional votes welcome! [:)] ):
Networking: Add DNSSEC validation to ASG recursive DNS server
but in the meantime I wondered if anyone has already done this by tweaking the ASG directly. SURFNet recently published an excellent guide to deploying validating DNSSEC servers explaining the role they play and why they are needed, along with examples of configuring several DNS servers:
http://www.surfnet.nl/Documents/rapport_Deploying_DNSSEC_v20.pdf
BIND configuration is addressed in Appendix B on page 24.
Just curious if anyone else has done this before I go off and try to figure it out myself. Thanks in advance if you have and can share what you know.
This thread was automatically locked due to age.