Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Last revision Both sides next revision | ||
linux:bind [2015/08/12 10:53] zagi |
linux:bind [2015/08/12 14:06] zagi |
||
---|---|---|---|
Line 2: | Line 2: | ||
==== DNSSEC ==== | ==== DNSSEC ==== | ||
+ | |||
+ | dnssec-keygen -a 7 -b 2048 -n ZONE domena.org | ||
+ | dnssec-keygen -f KSK -a 8 -b 4096 -n ZONE domena.org | ||
+ | |||
+ | copy generated files in / | ||
+ | |||
+ | if you put your keys in / | ||
+ | |||
+ | |||
+ | put this in zone domena.org | ||
+ | |||
+ | inline-signing yes; | ||
+ | auto-dnssec maintain; | ||
+ | key-directory "/ | ||
+ | sig-validity-interval 3; // default is 30D | ||
+ | |||
+ | use dnssec-dsfromkey to create DS DNS records from **KSK files.** | ||
Line 11: | Line 28: | ||
dnssec-lookaside auto;\\ | dnssec-lookaside auto;\\ | ||
+ | Add DS records at your domain registrar! | ||
+ | check your domain with http:// | ||