Bind9 DNSSEC

[panlinux]

SD-1579

This MP adds 3 documents to the guide:

• DNSSEC explanation
• DNSSEC deployment howto
• DNSSEC troubleshooting

Something to note is that, in the pictures, I used ubuntu.com as an example domain, but that domain does not have DNSSEC enabled :(. I don't rely on that anywhere, not even in the explanation text, which uses isc.org mostly. It felt odd to highlight isc.org in the picture, where I think it draws more attention, but none of the Canonical or Ubuntu domains are DNSSEC enabled. So I left ubuntu.

[panlinux]

I asked reviews from everybody, as I wasn't sure where this MP would end up otherwise, but don't feel obliged to review, ok? It would be awesome, though :)

[basak]

This is also excellent material for DNS in general. Is it worth making this more general?

Should there be an explanation of the various flags involved and their implications?

Minor suggestions inline.

[panlinux]

This is also excellent material for DNS in general. Is it worth making this more general?

We don't have a general DNS material indeed, but that's out of scope here. I added it to the backlog in https://warthogs.atlassian.net/browse/SD-1444

Should there be an explanation of the various flags involved and their implications?

You mean like RD (recursion desired), RA (recursion available) and others? They are not DNSSEC specific, so I didn't elaborate further on them. I think that's part of the doc suggestion above.

Minor suggestions inline.

Thanks

[panlinux]

Should there be an explanation of the various flags involved and their implications?

We talked offline and this was about the trust-ad setting (ad flag in the DNS protocol). I'll expand on that a bit.

[panlinux]

We talked offline and this was about the trust-ad setting (ad flag in the DNS protocol). I'll expand on that a bit.
Done.

[bryceharrington]

Worked through grammar tune-ups to dnssec.md, but the technical content all looked really good (I learned a bit!) I nerded out a bit on grammar copyedits, sorry about that, but hope you find it useful.

I took a read-thru of dnssec-troubleshooting.md and left some comments. Looks pretty good overall, just some phrasing improvements.

I did a quick skim through install-dnssec.md, and didn't spot any obvious issues to mention.

This would certainly benefit from additional reviews, in particular Sally to sharpen phrasings up better, and maybe Sergio or someone else with strong bind9 know-how on the technical end.

[panlinux]

Thanks a lot, Bryce, excellent review!

[s-makin]

Overall, great guides - as usual, logically laid out and clearly explained. I've left some formatting suggestions, and a few questions inline.

[s-makin]

Thanks, looks great! Really nice articles :)

[panlinux]

Thanks, I'll clean up the commits, rebase, and merge