Friday, April 3, 2009

What to Ask Vendors About DNSSEC?

The Basics:

Does it implement DNSSEC according to the most recent RFCs (RFC 4033, 4034, and 4035)?
Do your products have FIPS 140 certification?
Does it generate keys of the appropriate size? (2048-bit RSA/SHA-1)
Can the product be used to manage key material?
Can the product generate both NSEC and NSEC3 signed zones?
Can I sign/serve/manage multiple zones using this product?

The Not-So-Basics:

Does it integrate with ?
Does it work in your network infrastructure?
Does it work with MS Active Directory/your DHCP server of choice?
Can you use an HSM for key management with your product?
How do you update zone data using your product?
What about logging/debugging tools?


