Differences between revisions 1 and 2
Revision 1 as of 2016-08-02 16:54:58
Size: 799
Editor: WilliMann
Comment: intermediate saving
Revision 2 as of 2016-08-02 17:39:20
Size: 1369
Editor: WilliMann
Comment: Complete steps
Line 1: Line 1:
DNSSEC Howto hier beschreiben... = DNSSEC Howto =
Line 4: Line 4:
chmod g+w keys
mkdir zones
mkdir zones keys
chmod g+w zones
Line 34: Line 34:

== The signing part ==

{{{
cd keys
dnssec-keygen -a RSASHA256 -b 2048 -3 example.mytld
dnssec-keygen -a RSASHA256 -b 2048 -3 -fk example.mytld
cd ..
}}}

add

{{{
        auto-dnssec maintain;
        inline-signing yes;
}}}

to the zone "example.mytld" section

add

{{{
         key-directory "/etc/bind/keys/";
}}}

to the options section in named.conf.options

execute
{{{
rndc loadkeys example.mytld
NSECSEED=$(printf "%04x%04x" $RANDOM $RANDOM)
rndc signing -nsec3param 1 0 10 $NSECSEED example.mytld.
}}}

to let bind sign the zone.

DNSSEC Howto

# Run from the BIND configuration directory (presumably /etc/bind — the
# named.conf paths used further down are /etc/bind/zones and /etc/bind/keys).
mkdir zones keys
# Only the zone directory is made group-writable. keys/ will receive the
# private signing keys written by dnssec-keygen below and is deliberately
# left at its default mode.
# NOTE(review): named still needs read access to keys/ for inline signing —
# confirm the directory's owner/group matches the user named runs as.
chmod g+w zones
cd zones

create the file example.mytld.zone with the following content:

; Unsigned master zone for example.mytld. With inline-signing (see the
; named.conf changes below) this file stays the source; named keeps its
; signed copy separately.
; NOTE(review): confirm that behaviour for the BIND version in use.
$TTL    6400            ; default TTL (seconds) for records without an explicit one
@       IN      SOA     ns1.example.mytld. dnsmaster.example.mytld. (
                        2016080201 ;Serial (YYYYMMDDnn - increment on every change)
                        8H      ; refresh
                        2H      ; retry
                        1W      ; expire
                        2H      ; negative-caching TTL (SOA minimum), not the zone TTL
                        )
        IN      NS      ns1.example.mytld.    ; owner omitted -> inherits @ (zone apex)
ns1     IN      A       127.0.0.1    ; presumably a placeholder: loopback, replace with the server's reachable address
www     IN      A       192.168.0.1  ; presumably a placeholder (RFC 1918 address)

add the following section to named.conf.local

// Zone stanza for named.conf.local. The DNSSEC directives
// (auto-dnssec maintain; inline-signing yes;) from the signing part
// further down are added inside this block.
zone "example.mytld" {
        type master;
        file "/etc/bind/zones/example.mytld.zone";   // the unsigned zone file created above
        allow-query {any; };                          // public zone: anyone may query it
        // Zone transfers (AXFR/IXFR) only from loopback. Before this host
        // serves real secondaries, add their addresses here (or restrict
        // transfers with a TSIG key) rather than opening this up to any.
        allow-transfer { 127.0.0.1; };
};

The signing part

cd keys
# Zone-signing key (ZSK): RSASHA256 (DNSSEC algorithm 8), 2048 bits. -3 asks
# for the NSEC3-capable variant; RSASHA256 is already NSEC3-capable, so the
# flag is harmless here.
dnssec-keygen -a RSASHA256 -b 2048 -3 example.mytld
# Key-signing key (KSK): -fk sets the KSK flag. The DS record derived from
# this key is what the parent zone has to publish for the chain of trust.
# Both runs write the public (.key) and private (.private) halves into
# this directory, which is why keys/ was not made group-writable above.
dnssec-keygen -a RSASHA256 -b 2048 -3 -fk example.mytld
cd ..

add

        // Added inside zone "example.mytld" { ... } in named.conf.local.
        auto-dnssec maintain;   // named manages signatures and key timing itself from the keys in key-directory
        inline-signing yes;     // named signs a separate copy; the unsigned zone file remains the source

to the zone "example.mytld" section

add

         // options { ... } in named.conf.options: the directory dnssec-keygen
         // wrote the K*.key / K*.private files into. named must be able to
         // read it; keep write access limited to the key owner.
         key-directory "/etc/bind/keys/";

to the options section in named.conf.options

execute the following commands

# Load the keys from key-directory into the running named for this zone.
rndc loadkeys example.mytld 
# 32-bit hex NSEC3 salt built from two 15-bit $RANDOM values (each "%04x"
# prints at most 7fff). The salt is published in NSEC3PARAM, so bash's weak
# PRNG is acceptable for this purpose.
NSECSEED=$(printf "%04x%04x" $RANDOM $RANDOM)
# NSEC3PARAM: hash algorithm 1 (SHA-1, the only one defined), flags 0
# (no opt-out), 10 additional hash iterations, then the salt.
# NOTE(review): RFC 9276 recommends 0 iterations and no salt ("-" in rndc);
# extra iterations only add CPU cost for the signer and for validating
# resolvers without improving protection against zone enumeration.
rndc signing -nsec3param 1 0 10 $NSECSEED example.mytld.

to let BIND sign the zone.