DNSSEC Mastery: Securing the Domain Name System with BIND

By

Michael W Lucas

DNS is one of the oldest protocols on the Internet, and was designed for a network without hostile users. Anyone who wants to break into a network starts by investigating the target’s Domain Name Service. DNS Security Extensions, or DNSSEC, hardens DNS and brings it into the 21st century. But learning DNSSEC requires wading through years of obsolete tutorials, dead ends, and inscrutable standards.

DNSSEC MasteryUntil now.

DNSSEC Mastery will have DNS administrators running DNSSEC with the industry-standard BIND server in hours instead of weeks. You will:

-Understand what DNSSEC gives you, and what it doesn’t

-Configure your servers to resist attack.

-Verify your environment supports modern DNS

-Debug DNSSEC and the Chain of Trust

-Configure your server to resolve DNSSEC

-Conceal zone data with NSEC3

-Cryptographically sign your zones, and attach them to the Chain of Trust

-Have BIND automatically maintain signatures

-Rollover keys to maintain security

-Implement DNSSEC on private networks

-Use DNSSEC to validate self-signed SSL certificates, ending your dependence on Certificate Authorities

And more! DNSSEC Mastery transforms DNS from a security risk to a solution.