[[linux:bind]]
Trace:
Show page
AdminRecent ChangesSitemap

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision Both sides next revision
linux:bind [2015/08/12 10:53]
zagi 		linux:bind [2015/08/12 14:05]
zagi
Line 2: Line 2:
  
 ==== DNSSEC ==== ==== DNSSEC ====
 +
 +dnssec-keygen -a 7 -b 2048 -n ZONE domena.org
 +dnssec-keygen -f KSK -a 8 -b 4096 -n ZONE domena.org
 +
 +copy generated files in /etc/bind/keys.
 +
 +if you put your keys in /etc/bind/keys do not forget about permissions and apparmor!
 +
 +
 +put this in zone domena.org
 +
 +inline-signing yes;
 +auto-dnssec maintain;
 +key-directory "/etc/bind/keys/domena.org";
 +sig-validity-interval 3;  // default is 30D
 +
 +use dnssec-dsfromkey to create DS from KSK files.
  
  
Line 11: Line 28:
   dnssec-lookaside auto;\\   dnssec-lookaside auto;\\
  
 +Add DS records at your domain registrar!
  
  
 +check your domain with  http://dnsviz.net/
  
  
linux/bind.txt ยท Last modified: 2015/08/12 14:46 by zagi
Show pageOld revisions
Media ManagerBack to top
CC Attribution-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0 ipv6 ready