To date, implementing DNSSEC using ISC Bind was manually intensive and complicated at best.  Following the general availability of Bind 9.7.0 on 02-16-2010, the task is not nearly as daunting. In this article we review at a high level, some of the new changes, features, and enhancements that have been incorporated in Bind 9.7.0 in support of DNSSEC.  This several part series will cover:

• New DNSSEC key metadata and lifecycle maintenance
• Automatic zone signing by "named"
• Simplified configuration of DNSSEC Lookaside validation (DLV)
• Configuring Dynamic DNS using the ddns-confgen or the "local" update-policy option.
• New CLI dnssec-settime and changes to dnssec-keygen, and dnssec-signzone.
• Smart signing: overview of the tools for zone signing and key maintenance.
• Improved PKCS#11 support for using Hardware Security Modules or HSM for storage and signing operations

Bind 9.7.0 can be freely downloaded from https://www.isc.org