h1

A Guide to Deploying DNSSEC…….

August 11, 2010

Deploying DNSSEC requires a number of security details and procedures to be defined and followed with specific requirements as to timing. This guide addresses these issues from the point of view of information security managers responsible for defining a policy and procedures to secure the DNS services of a company or an organisation, and from the point of view of competent authorities defining or regulating requirements for deployment

This are the excerpt of the table of contents of the report on Deploying DNSSEC…..

Table of Contents
Good practices guide for deploying DNSSEC …………………………. 4
Scope of this document …………………………………………………….. 5
DNSSEC practices statement ………………………………………………  6
Signing your zone …………………………………………………………….. 6
Value of a signed zone ………………………………………………………. 7
Designing a signing system ………………………………………………… 7
Signing in a test environment …………………………………………….. 9
Checking the DNS servers…………………………………………………. 10
Key generation and management ………………………………………. 10
Physical security ……………………………………………………………. 11
Use of NSEC3 …………………………………………………………………. 11
Key rollovers ………………………………………………………………… 12
Performance issues ………………………………………………………… 13
Publication of keys ………………………………………………………… 14
Change of registrar ……………………….. ……………………………… 15
Change a zone from signed to unsigned …………………………….. 15

Change of domain holder (registrant) ………………………………. 16
Selecting a product ………………………………………………………. 16
Outsourcing ………………………………………………………………… 17
Change of DNS provider ………………………………………………… 17
Validating DNS queries …………………………………………………. 19
Configure trust anchors ………………………………………………… 20
Routers, firewalls and other network equipment ……………….. 21
Conclusions ………………………. ………………………………………. 21

ANNEX 1: Contents of a TAR’s policy and practices statement .. 22

ANNEX 2: Support of DNSSEC on commonly used nameservers .. 27

Reference…………..

The full report can be obtained from this website:-

http://www.enisa.europa.eu/act/res/technologies/tech/gpgdnssec/at_download/fullReport

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: