Softlink 1411136

c't 11/2014, p.136

Bescherming onderweg

BetterCrypto: Applied Crypto Hardening

BIND 9 Administrator Reference Manual

IANA DNSSEC Root Trust Anchor

Michael W. Lucas: DNSSEC Mastery

RFC 2136: Dynamic Updates in the Domain Name System (DNS UPDATE)

RFC 3597: Handling of Unknown DNS Resource Record (RR) Types

Tools en Software

Browser-Plugin DNSSEC/TLSA Validator

DNSCheck

dnsmasq

DNSSEC-Resolvertest SIDN Labs

DNSSEC-Resolvertest Universiteit van Duisburg-Essen

Dnssec-Trigger

FreeBSD 10

Hash Slinger

LDNS

Online-generator voor TLSA-Records

OpenDNSSEC

Postfix Mailserver

ZoneCheck

Zonemaster

DNS-servers

BIND

Knot DNS

NSD

PowerDNS

Unbound

Bundy DNS

YADIFA

example.org.conf voor OpenSSL:

[ req ]
default_bits = 3248
encrypt_key = yes
distinguished_name = req_dn
x509_extensions = cert_type
prompt = no
req_extensions = v3_req
[ req_dn ]
C=DE
ST=Gelderland
L=Nijmegen
O=CT
OU=Server
CN=example.org
emailAddress=admin@example.org
[ cert_type ]
nsCertType = server
[ v3_req ]
# Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names 
[alt_names]
DNS.1 = www.example.org
DNS.2 = mail.example.org