On 22 Jul 2008, at 23:49, Kevin Oberman wrote:
Someone needs to write a really good tutorial on dnssec. The bits and pieces are scattered about the web, but explanations of how to publish your keys, to whom they need to be published and what is involved in the ongoing maintenance are lacking. Especially a clear explanation of what is required to run both keyed and "legacy" dns at the same time.
Another piece of text can be found at http://www.nlnetlabs.nl/dnssec_howto/
I can't imagine why anyone would want to run both. Resolvers which don't know how to check signatures simply don't do so and everything still works. A pretty good, though somewhat outdated tutorial can be found in NIST SP800-81. It's pretty readable and tells you how to generate keys and sign a zone properly. http://csrc.nist.gov/publications/nistpubs/800-81/SP800-81.pdf
Regards, Ruben