
Securing your zone with DNSSEC and DANE - mooreds
https://mforney.org/blog/2020-05-21-securing-your-zone-with-dnssec-and-dane.html
======
ietf-dane
One thing that needs to be stressed is the importance of _monitoring_ your
deployment [unmonitored security should be an oxymoron].

The author's diligence is impressive, and I am sure he learned a lot doing it
(kudos), but of course for most users DYI toolchains are not the most cost-
effective investment of resources. Just go with e.g. BIND 9.16 which has quite
decent built-in key management.

