.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.

Preface
-------

.. _preface_organization:

Organization
~~~~~~~~~~~~

This document provides introductory information on how DNSSEC works, how
to configure BIND 9 to support some common DNSSEC features, and
some basic troubleshooting tips. The chapters are organized as follows:

:ref:`dnssec_guide_introduction` covers the intended audience for this
document, assumed background knowledge, and a basic introduction to the
topic of DNSSEC.

:ref:`getting_started` covers various requirements
before implementing DNSSEC, such as software versions, hardware
capacity, network requirements, and security changes.

:ref:`dnssec_validation` walks through setting up a validating
resolver, and gives both more information on the validation process and
some examples of tools to verify that the resolver is properly validating
answers.

:ref:`dnssec_signing` explains how to set up a basic signed
authoritative zone, details the relationship between a child and a parent zone,
and discusses ongoing maintenance tasks.

:ref:`dnssec_troubleshooting` provides some tips on how to analyze
and diagnose DNSSEC-related problems.

:ref:`dnssec_advanced_discussions` covers several topics, including key
generation, key storage, key management, NSEC and NSEC3, and some
disadvantages of DNSSEC.

:ref:`dnssec_recipes` provides several working examples of common DNSSEC
solutions, with step-by-step details.

:ref:`dnssec_commonly_asked_questions` lists some commonly asked
questions and answers about DNSSEC.

.. _preface_acknowledgement:

Acknowledgements
~~~~~~~~~~~~~~~~

This document was originally authored by Josh Kuo of `DeepDive
Networking <https://www.deepdivenetworking.com/>`__. He can be reached
at josh.kuo@gmail.com.

Thanks to the following individuals (in no particular order) who have
helped in completing this document: Jeremy C. Reed, Heidi Schempf,
Stephen Morris, Jeff Osborn, Vicky Risk, Jim Martin, Evan Hunt, Mark
Andrews, Michael McNally, Kelli Blucher, Chuck Aurora, Francis Dupont,
Rob Nagy, Ray Bellis, Matthijs Mekking, and Suzanne Goldlust.

Special thanks go to Cricket Liu and Matt Larson for their
selflessness in knowledge sharing.

Thanks to all the reviewers and contributors, including John Allen, Jim
Young, Tony Finch, Timothe Litt, and Dr. Jeffry A. Spain.

The sections on key rollover and key timing metadata borrowed heavily
from the Internet Engineering Task Force draft titled "DNSSEC Key Timing
Considerations" by S. Morris, J. Ihren, J. Dickinson, and W. Mekking,
subsequently published as :rfc:`7583`.

Icons made by `Freepik <https://www.freepik.com/>`__ and
`SimpleIcon <https://www.simpleicon.com/>`__ from
`Flaticon <https://www.flaticon.com/>`__, licensed under `Creative Commons BY
3.0 <https://creativecommons.org/licenses/by/3.0/>`__.