Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
linux:bind [2015/08/12 10:53] zagi |
linux:bind [2015/08/12 14:46] (current) zagi |
||
|---|---|---|---|
| Line 2: | Line 2: | ||
| ==== DNSSEC ==== | ==== DNSSEC ==== | ||
| + | |||
| + | dnssec-keygen -a 7 -b 2048 -n ZONE domena.org | ||
| + | dnssec-keygen -f KSK -a 8 -b 4096 -n ZONE domena.org | ||
| + | |||
| + | copy generated files in / | ||
| + | |||
| + | if you put your keys in / | ||
| + | |||
| + | |||
| + | put this in zone domena.org | ||
| + | |||
| + | inline-signing yes; | ||
| + | auto-dnssec maintain; | ||
| + | key-directory "/ | ||
| + | sig-validity-interval 3; // default is 30D | ||
| + | |||
| + | use dnssec-dsfromkey to create DS DNS records from **KSK files.** | ||
| Line 7: | Line 24: | ||
| - | dnssec-validation auto;\\ | + | dnssec-validation auto; |
| - | dnssec-enable yes;\\ | + | dnssec-enable yes; |
| - | dnssec-lookaside auto;\\ | + | dnssec-lookaside auto; |
| + | Add DS records at your domain registrar! | ||
| + | check your domain with http:// | ||
