To date, implementing DNSSEC with ISC Bind has been a manual, complicated process at best. Following the general availability of Bind 9.7.0 on 02-16-2010, the task is not nearly as daunting. In this article we review, at a high level, some of the changes, features, and enhancements that have been incorporated in Bind 9.7.0 in support of DNSSEC. This multi-part series will cover:

  • New DNSSEC key metadata and lifecycle maintenance
  • Automatic zone signing by "named"
  • Simplified configuration of DNSSEC Lookaside validation (DLV)
  • Configuring Dynamic DNS using ddns-confgen or the "local" update-policy option
  • The new dnssec-settime CLI tool and changes to dnssec-keygen and dnssec-signzone
  • Smart signing: overview of the tools for zone signing and key maintenance
  • Improved PKCS#11 support for using Hardware Security Modules (HSMs) for storage and signing operations

Bind 9.7.0 can be freely downloaded from