Chapter 1. Introduction

Table of Contents

Organization of this Document
Key Concepts
Zones and Authentication Keys
Zone Rollover
Key-Tag Tables
Keyrec Files
Rollrec Files
Conventions Used in this Document
Acknowledgments
Comments

DNS Security (DNSSEC) helps protect against DNS-spoofing attacks by providing origin authentication and integrity protection of DNS information. Proper maintenance of a DNSSEC-enhanced DNS zone is essential to protecting the domain's zone data.

This Step-by-Step DNSSEC-Tools Operator Guidance Document is intended for operations using the DNSSEC-Tools v1.0 distribution. It will assist operators in gaining operational experience with DNSSEC. Some basic understanding of DNSSEC terms and concepts is required. The document follows the format laid out by [dnssec-operators-guide].

This document is meant to be a learning aid and is not intended to define policy in any form. Any implicit recommendations for key sizes, signature validity periods, and command line parameters are for illustration purposes ONLY and MUST NOT be used in production environments unless due diligence has been taken to ensure that these values are acceptable within such environments. See [dnssec-operational-practices] for suggestions on determining appropriate security characteristics.

This document was written as part of the DNSSEC-Tools project. The goal of this project is to create a set of documentation, tools, patches, applications, libraries, wrappers, extensions, and plug-ins that will help ease the deployment of DNSSEC-related technologies. For more information about this project and the tools that are being developed and provided, please see the DNSSEC-Tools project web page at: http://www.dnssec-tools.org.