mail us  |  mail this page

contact us
training  | 
tech stuff  | 

BIND 9 Support

DNS Articles and Information

This page contains a number of opinion pieces, information about specific topics or techniques that don't fit into the overall shape or structure of DNS for Rocket Scientists. If you find them useful we will both be very happy. If not, then only one of us will remain happy.

DNS Security Protocols The recent, and welcome, addition of DNS-over-TLS adds new security capabilities. However, the suggestion that ubiquitous DNS-over-TLS (user to resolver, resolver to authoritative sources) is functionally equivalent to DNSSEC just ain't so. Security protocols do what they say on their tin.
Beware Dark Zones Ahead Choosing a DNSSEC Solution. As the pace of DNSSEC implementation increases we are frequently asked about how to evaluate these DNSSEC solutions. This paper describes some objective criteria that may help. PDF version.
DNSSEC and SSL Once DNSSEC is in place all kind of interesting possibilities are opened up. This article discusses the relationalship between DNSSEC and SSL. Maybe - just maybe - you could save a pot-load of money using DNSSEC.
DLV = DNSSEC without the Wait? DLV, available in BIND since 9.3.0, may offer an alternative to waiting for ICANN and all the gTLD, ccTLD and sTLD operators to sign their zones.
Minimum TTLs It's an apparently simple question - what is the mimimum sensible TTL? And the answer - well it's not that simple!
Failover Strategies Is a short TTL or are multiple RRs the best failover strategy when using DNS? For browser based applications multiple RRs win - no contest.
TTLs - Revisited We recently had cause to reflect on TTL values after a major outage caused by an access problem.
The Case Against DNSSEC This article (published in itemises four major points are used against DNSSEC by naysayers together with the contra arguments from the point of view of a, perhaps relucant, DNSSEC believer.
Open DNS - Bad Idea Why an Open DNS is a bad idea and how to close it
DNSBL Services Description of DNS based Black List (and White list) services.
DNNSEC - A Commercial Opportunity? Is there money in DNS security? Some thoughts on turning DNNSSEC (and/or DLV) into a commercial opportunity.
The Death of Hope Why the top level domains, especially country domains, should be secured (signed) as a matter or priority.

Problems, comments, suggestions, corrections (including broken links) or something to add? Please take the time from a busy life to 'mail us' (at top of screen), the webmaster (below) or info-support at zytrax. You will have a warm inner glow for the rest of the day.

Pro DNS and BIND by Ron Aitchison


tech info
guides home
dns articles
1 objectives
big picture
2 concepts
3 reverse map
4 dns types
5 install bind
6 samples
7 named.conf
8 zone records
9 howtos
10 tools
11 trouble
12 bind api's
13 dns security
bits & bytes
15 messages
notes & tips
registration FAQ
dns resources
dns rfcs
change log

Creative Commons License
This work is licensed under a Creative Commons License.

If you are happy it's OK - but your browser is giving a less than optimal experience on our site. You could, at no charge, upgrade to a W3C STANDARDS COMPLIANT browser such as Firefox




Icons made by Icomoon from is licensed by CC 3.0 BY
share page via facebook tweet this page


email us Send to a friend feature print this page Display full width page Decrease font size Increase font size



Debian Linux


GNU-Free SW Foundation


Open Source Initiative
Creative Commons


Ibiblio - Library
Open Book Project
Open Directory


CSS Technology SPF Record Conformant Domain
Copyright © 1994 - 2024 ZyTrax, Inc.
All rights reserved. Legal and Privacy
site by zytrax
hosted by
web-master at zytrax
Page modified: January 20 2022.