[Dshield] DNSSEC for DShield.org Diary Entry

Johannes Ullrich jullrich at euclidian.com
Thu Aug 14 16:03:46 GMT 2008


> -- What are you using as a trust anchor?

I am using the isc.org DLV system. But I am waiting for them to accept it. I
just sent an e-mail to get started with them late yesterday (so a response
isn't overdue yet). Once it is all done, sealed and accepted I will post
more details. But right now, I am as much in the dark as you are ;-). The
instructions indicate that you should first publish the signed zone. This is
the point where there are some potential problems given that the isc.org DLV
system doesn't yet validate the zone.

FWIW... .org is supposed to establish its own trust anchor "very soon"...
once that is in place, I will register the zone with whoever sets that up.


> -- Were you able to get your registrar to accept your DLV zone?
>
> -- If not, are you using ISC's DLV registry?
>
> -- Can you give more specifics on how you were able to get the DLV set
> up and accepted by either your registrar or ISC (or other third-party DLV)?
>
> END OF QUESTIONS
>
>
> For everyone else, a great resource I found when trying to set up DNSSEC
> was:
>   http://www.isc.org/sw/bind/docs/DNSSEC_in_6_minutes.pdf
>
> I have not gotten as far as Johannes appears to have (I have about 20
> domains and 160 zones), so I am looking for guidance / suggestions on
> how to handle getting the domain-level zones trusted by a 'parent.'
>
> THANKS for any help / suggestions!
>
> Jon Kibler
> --
> Jon R. Kibler
> Chief Technical Officer
> Advanced Systems Engineering Technology, Inc.
> Charleston, SC  USA
> o: 843-849-8214
> c: 843-224-2494
> s: 843-564-4224
>
> My PGP Fingerprint is:
> BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253