On 3/8/24 13:01, George at Clug wrote:
Does anyone have any recommendations on detailed books on Bind9 for
authoritative servers which would also include DNSSEC?
I'm not sure about books but there are many tutorials.
The first issue though is that bind directory layout varies between
distributions, so a tutorial for one distro will have to be adapted to
run on another.
This site is fairly comprehensive about how to do it on Debian 11 and 12.
https://wiki.debian.org/DNSSEC%20Howto%20for%20BIND%209.9+
However on reading it, I see that most directories are the same as what
I have but there are some small differences.
The main problem areas you will find are initial key generation and then
subsequent automatic signing of zones when you have made a modification.
It's a really good idea to check that the changes have actually been
taken up and made their way into the signed zone records. I always check
the syslogs to see if the zone transfers are of the signed records and
have the new SOA Serial Number.
