Introduction

I run a personal server in my home. That machine offers services to the external world through email and web, and also provides services to my own internal network, which includes security cameras, several terminals, an internal wireless arrangement, a couple of dedicated servers, and an internal web with pages whose purpose differs from those pages intended for external consumption.

By necessity, my installation demands “split horizon” domain name service (DNS), a need which is easily accommodated by running “BIND” on a server which faces both the external world and the internal network. This presents one “view” of my network to the external world, and another entirely different “view” (i.e. different IPs for the same domain) to the internal network.

In keeping with my personal desire to engage in “best practices” (whatever those are!), I wish to employ DNSSEC. I also have no intention of engaging any service for which I have to pay.

Here is a list of what I need:

Acquiring all of these things at the same time required a surprisingly complicated effort. This article is intended to let you know how it was managed.