Paul Vixie and my Network Magazine article on DNSSEC.
http://www.networkmagazine.com/article/NMG20000509S0039
My DNSSEC paper (its
not the magazine article) (3 different formats)
http://compsec101.antibozo.net/papers/dnssec/index.html
IETF DNSSEC Working Groups Home Pages
DNSSEC WG (now part of DNSEXT WG see links below)
DNS Extensions (DNSEXT) WG: http://www.ietf.org/html.charters/dnsext-charter.html
DNS Operations (DNSOPS) WG: http://www.ietf.org/html.charters/dnsop-charter.html
In addition to securing the system on which DNS runs, take additional precautions and "chroot" DNS too!
A 12 step program (cut and paste instructions) for chrooting named under Redhat Linux
http://www.antibozo.net/ogata/webtools/chroot/named.html
This link has instructions for chrooting OpenBSD
http://www.psionic.com/papers/dns/
Get the latest version of BIND with some DNSSEC capabilities
http://www.isc.org/products/BIND/
Additional Security
Links
(here are some of my picks for the most
enlightening/informative/useful/amusing.
This list is not complete by any means)
Exceptionally rich in
Computer Security realted info (especially checkout "Hotlist" & "Related
Links"):
http://www.cerias.purdue.edu
Wietse Venema's Projects
http://www.porcupine.org
Peter Gutmann's Crypto
Papers & other info
http://www.cs.auckland.ac.nz/~pgut001/
Unix tools for log watching,
host based intrusion detection, and port scan detection
http://www.psionic.com
More IETF Security stuff (including IPsec & PKIX) http://www.ietf.org/html.charters/wg-dir.html#Security_Area
Just to pass the time
away..:
http:/www.ksquared.net/~key/ipsec-bingo.cgi