• 31 Dec 2014 » DNSSEC statistics
    There is an interesting DNSSEC deployment statistic from ISC: Deploy 360. If you want to know how many domains are signed under new gTLDs, you can consult nTLDStats.
  • 17 Dec 2013 » OpenDNSSEC: migrate from SQLlite to MySQL
    It’s recommented to use the MySQL backend for production use. I used SQLlite for my tests, because it was easier. When I wanted to go productive, I used the migration guide but found that the MySQL user / password could not be read from command line. I had to enter the MySQL root password in order to complete the migration.
  • 14 Dec 2013 » OpenDNSSEC Basics: update kasp.xml
    When you update the policy in the kasp.xml file, you want to issue the following command to update the changes in the OpenDNSSEC database:
  • 08 Dec 2013 » OpenDNSSEC Basics: updating a signed zone
    According to the OpenDNSSEC Zone Management wiki page you’ve to perform ods-signer sign example.com to get the zone resigned after changes. It’s vital, that you increase the SOA serial in the unsigned zone file. Otherwhise your nameserver might not be notified about the changed zone.
  • 08 Dec 2013 » Monitoring DNSSEC with Nagios on Debian Wheezy
    OpenDNSSEC contains a Nagios Plugin written in Ruby, that can be used to monitor a signed zone. The README file shows the usage.
  • 14 Nov 2013 » Welcome to my DNSSEC Blog
    In this blog I’m going to write about DNSSEC and my work with it. It will cover at least Bind and OpenDNSSEC, but might be extended to other software or services around DNSSEC I find useful.