[[linux:bind]]
Trace:
Show page
AdminRecent ChangesSitemap

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
linux:bind [2015/08/12 14:05]
zagi 		linux:bind [2015/08/12 14:46] (current)
zagi
Line 3: Line 3:
 ==== DNSSEC ==== ==== DNSSEC ====
  
-dnssec-keygen -a 7 -b 2048 -n ZONE domena.org +  dnssec-keygen -a 7 -b 2048 -n ZONE domena.org 
-dnssec-keygen -f KSK -a 8 -b 4096 -n ZONE domena.org+  dnssec-keygen -f KSK -a 8 -b 4096 -n ZONE domena.org
  
 copy generated files in /etc/bind/keys. copy generated files in /etc/bind/keys.
Line 13: Line 13:
 put this in zone domena.org put this in zone domena.org
  
-inline-signing yes; +  inline-signing yes; 
-auto-dnssec maintain; +  auto-dnssec maintain; 
-key-directory "/etc/bind/keys/domena.org"; +  key-directory "/etc/bind/keys/domena.org"; 
-sig-validity-interval 3;  // default is 30D+  sig-validity-interval 3;  // default is 30D
  
-use dnssec-dsfromkey to create DS from KSK files.+use dnssec-dsfromkey to create DS DNS records from **KSK files.**
  
  
Line 24: Line 24:
  
  
-  dnssec-validation auto;\\ +  dnssec-validation auto; 
-  dnssec-enable yes;\\ +  dnssec-enable yes; 
-  dnssec-lookaside auto;\\+  dnssec-lookaside auto;
  
 Add DS records at your domain registrar! Add DS records at your domain registrar!
linux/bind.1439381117.txt.gz · Last modified: 2015/08/12 14:05 by zagi
Show pageOld revisions
Media ManagerBack to top
CC Attribution-Share Alike 4.0 International
Driven by DokuWiki Recent changes RSS feed Valid CSS Valid XHTML 1.0 ipv6 ready