Book review: DNSSEC Mastery

Michael W. Lucas recently wrote and self-published a new book, DNSSEC Mastery.  He asked me to review it, and I’ve been reading it in bits and starts over the past few very busy weeks.

First, the background: If you’re not familiar with the acronym, it’s a method of securing DNS information so that you can trust that domain name information is actually from the machine that’s supposed to provide it.  DNS information is basic to Internet operation, but it traditionally has been provided without any mechanisms to deal with misinformation or malicious use.  This seems to happen with protocols that have been around for many years, as any mail administrator can tell you…

In any case, ‘DNS poisoning’ (or as Wikipedia calls it, ‘DNS Spoofing’) attacks such a basic part of how the Internet works that it will completely bypass any security methods that assume name information is correct.  DNSSEC is a way to deal with that.  It introduces public-key cryptography into the process of sharing and updating DNS information.  The idea has been around for a while, but it’s only been completely implemented recently.

DNSSEC Mastery goes over this history, and through the setup required to get (recent) BIND working with DNSSEC.  Lucas seems to be starting a series of ‘Mastery’ books, where he covers all the territory around a specific topic.  This one, like his previous title, is exactly what it says.  As long as you have some existing clue around zone files and DNS, the book will take you from no DNSSEC at all to fully implemented in less than 100 pages.  (Well, at least in the PDF version, but that gives you an idea of the size.)

Use it to learn, or use it as a quick reference – either way will work.  If you have any DNS server(s) to manage, you’re the target audience.  I expect DNS without these security extensions will go the way of telnet vs. ssh.

A book covering things like new encrypted hash zone record types is going to be a bit dry, but there’s an appropriate sprinkling of humor through the book.  I’ve reviewed other Lucas books before, and I’ve got another on my plate right now, but this is the same: there’s plenty of funny to make the lessons go down easier.

DNSSEC Mastery: Securing the Domain Name System with BIND is available on Amazon, Barnes & Noble, Smashwords, and his self-publishing site.  Also see Peter N. M. Hansteen’s review of the book.

 

No Lazy Reading

I’m inexplicably short on links this week; I blame my schedule/the nice weather for much of the U.S./the class I’m teaching ending/my trip to TCAF for this.  More Lazy Reading next week!  Meanwhile, I have a book review coming up as an alternative.

Lazy Reading for 2013/05/05

Lots of links, not a lot of commentary, this week.  Enjoy!

Your unrelated link of the week: Baman Piderman.  It’s a series of YouTube videos.  Just… roll with it.

DragonFly 3.4 released!

As posted in my email to users@: Version 3.4 of DragonFly is officially out.

The release ISO/IMG files are all available at the usual mirrors:

http://www.dragonflybsd.org/mirrors/

The release notes have details on all the changes:

http://www.dragonflybsd.org/release34/

If you are planning to try the new dports system for installing third-party software, check the DPorts Howto page:

http://www.dragonflybsd.org/docs/howtos/HowToDPorts/

If you have an installed DragonFly 3.2 system and you are looking to upgrade, these (not directly tested) steps should work, as root:

cd /usr/src
git fetch origin
git branch DragonFly_RELEASE_3_4 origin/DragonFly_RELEASE_3_4
git checkout DragonFly_RELEASE_3_4

… And then go through the normal buildworld/buildkernel process found in /usr/src/UPDATING.  If you are running a generic kernel, that can be as simple as

make buildworld && make buildkernel && make installkernel && make installworld && make upgrade

(and then reboot)

If you encounter problems, please report them at bugs.dragonflybsd.org.  I get better at testing for each release, but I also get better at discovering new problems just after release.

Lazy Reading for 2013/04/28

These are getting denser and denser with links, in part because I’m looking harder and in part because Hacker News is becoming a better and better source of links; there seems to be a new go-to site for tech links every 8-12 months.  Slashdot, then Digg, then Reddit, then Hacker News…

  • Intel has published an HTML5 development environment.  I don’t even know if it would work on DragonFly or even any BSD, but I feel efforts to make tools that are actually, genuinely, cross-platform should be looked at.  Defensive platform-specific content seems to still be a thing.
  • Slightly related: Building a Roguelike in JavaScript.  There are several parts to this.  (via)
  • The Eternal Mainframe.  The argument is a little wild-eyed, but the underlying thesis: “Cloud == Mainframe” is valid.  (via)
  • A Primer on IPv4, IPv6, and Transition.  I signed up for an IPv6 tunnel recently, but I’m not directing traffic over it.  I should be.  (via)
  • How to make Your Open Source Project Really Awesome.  The title is linkbaity, but the steps listed are correct.  You will look at the “If you want to completely screw your users…” notes and nod to yourself, recognizing something that bit you.  (via)
  • There’s still Apple ][ software being sold.  I vaguely feel like I bought from there before…  (via)
  • Everything’s being put into a git repo these days.  (via)  Wait, spoke too soon.  (thanks, ‘bla’ in comments)
  • Scaling Pinterest.  I like seeing what technology is used as a site transitions from “oh yeah, running on leftover hardware in my basement” to “we need to hire yet another person to keep this all running”.  (via)

Your unrelated link of the week: Sometimes, repeated variations on a single theme can lead to some entertaining humor.  Therefore, Dog Snack.

(Did I just sneak in two unrelated links?  Yes I did.)