My DNS server has been running Centos for some time. I am in the process of upgrading it to Centos 5.5 (long overdue, I know). Since we now have .com signed I want to get my domain signed as well, but I see that Centos 5.5 is running BIND 9.3.6 and a thread on the BIND list recommends against running a DNSSEC master zone on anything less than 9.6 and you really should be on 9.7. The thread DOES mention that some functionality has been backported by RH to what their 9.3.6. I did find the following: http://jason.roysdon.net/2009/10/16/building-bind-9-6-on-rhel5-centos5-for-dnssec-nsec3-support/ Is this the best path at this time? Can anyone point me to other documents? I have a server that I can test this out and get everything ready before I upgrade my main Centos DNS server. This way I can get it right in one try (or that is the dream).