Internet2 Network Security SIG

[Bob Harold <>]

A tutorial would be good.  I still hear recent stories of admins not getting everything quite right, and the tools still seem to be evolving.  But I need to enable DNSSEC in the next six months.

--
Bob Harold

DNS and DHCP Hostmaster - UMNet
Information and Technology Services (ITS)
   734-647-6524 desk

On Fri, Dec 6, 2019 at 11:59 AM O'Brien, John W <> wrote:

"DNSSEC is tedious to setup" sounds like it harkens back to the early (dark) days of DNSSEC. My experience lately is that DNSSEC validation couldn't possibly be easier to setup---some implementations have even started enabling it by default---and that signing is quite straight forward. Maybe that means I should give one of these tutorials of which you speak. __

On 2019/12/06, 11:21, " on behalf of Karl Reuss" < on behalf of > wrote:

    On 12/5/19 9:13 PM, John Kristoff wrote:
    > Alternatively, an Internet2 owned and operated authoritative,
    > secondary, or resolver service might also be a worthwhile member
    > benefit to take advantage of.  If Internet2 could run some anycast
    > instances for us to secondary on as part of our membership fee or for
    > a nominal fee, that would be really, really nice.
    >

    This is an excellent idea!


    I would add DNSSEC tutorials to the list.  DNSSEC is tedious to setup, but helps with hardening both the authoritative and recursive sides of DNS.


    -Karl