Differences

This shows you the differences between two versions of the page.

--- linux:bind [2011/08/01 13:31]
193.164.137.40 [audit dns]
+++ linux:bind [2015/08/12 14:46] (current)
zagi
@@ Line 1: / Line 1: @@
 ====== BIND (is there anyting else?) ======
 ==== DNSSEC ====
+  dnssec-keygen -a 7 -b 2048 -n ZONE domena.org
+  dnssec-keygen -f KSK -a 8 -b 4096 -n ZONE domena.org
+copy generated files in /etc/bind/keys.
+if you put your keys in /etc/bind/keys do not forget about permissions and apparmor!
+put this in zone domena.org
+  inline-signing yes;
+  auto-dnssec maintain;
+  key-directory "/etc/bind/keys/domena.org";
+  sig-validity-interval 3;  // default is 30D
+use dnssec-dsfromkey to create DS DNS records from **KSK files.**
 To enable add to bind.named.options:\\
-dnssec-enable yes;\\
-dnssec-validation yes;\\
-dnssec-lookaside . trust-anchor dlv.isc.org.;\\
+  dnssec-validation auto;
+  dnssec-enable yes;
+  dnssec-lookaside auto;
+Add DS records at your domain registrar!
+check your domain with  http://dnsviz.net/
-include "/etc/bind/trusted.key";
 https://www.dns-oarc.net/files/odvr/configs/bind/trusted-keys.conf\\
@@ Line 18: / Line 40: @@
         category dnssec { null;};};\\
-==== Speedup tips ====
-  > I have built a local DNS server bind (Debian Sarge).The DNS should
-  > accelerate DNS look ups by LAN clients.
-  > But Now, in contrary the local dns is slower than a custom DNS by my
-  > webhoster :-(
-  You should use BIND 9, disable lookups over IPv6 (OPTIONS="-u bind -4"
-  in /etc/defaults/bind9), and you need to wait a bit until the local
-  cache has been filled.
 ==== Letting bind/named query a specific DNS server for only one specific domain ====