Why should you deploy DNSSEC-validating DNS resolvers on your network? What kind of planning should you do to prepare? What steps do you need to do?
The team at SURFnet has published a whitepaper titled “Deploying DNSSEC: Validation on recursive caching name servers” (PDF) that answers these specific questions and much more. The document covers:
- Cost and benefits of deploying DNSSEC
- DNS architecture
- Requirements before deployment
- Planning your deployment
- Operational requirements and practices
The document then gets into specific step-by-step instructions for three of the most common DNS resolvers:
- BIND 9.x
- Unbound
- Microsoft Windows Server 2012
For people looking to deploy DNSSEC-validation within their network, this guide provides an excellent way to get started.