Now I’m looking for people familiar with DNSSEC on BIND to read the book and tell me where I’ve screwed up.
This book is for an established DNS administrator who wants to deploy DNSSEC. I assume you know what named.conf is, why you don’t put PTR records in a forward zone, and so on. The goal is not to get 100% of the people 100% there, but to get 90% of the people 100% there and ground the other 10% so that they can identify their own rough edges. (The idea is roughly similar to my SSH Mastery or Cisco Routers for the Desperate.)
The contents are:
- 1. Introducing DNSSEC
- 2. Cryptography and DNSSEC
- 3. How DNSSEC changes DNS
- 4. DNSSEC Resolver
- 5. dig and DNSSEC
- 6. Securing Zone Transfers
- 7. KSKs and ZSKs
- 8. Signing Zones
- 9. Debugging
- 10. Key Rotation
- 11. Delegations and Islands of Trust
- 12. DNSSEC for Data Distribution (needs better title, it’s SSHFP and TLSA)
Many of these chapters are short. Chapter 10 is not. The writing is rough, especially near the end.
So, if you know DNSSEC, and you’re interested in spreading the DNSSEC gospel, and you have enough time to read something about half the length of a short paperback novel, contact me via email at mwlucas at my domain.
I’d need any comments by 15 March. I plan to revise that week and get the book into copyedit, so it can be out for BSDCan. Barring any really appalling revelations from the reviewers, that is. I’d rather the book be late than wrong.Stalk me on social media