This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | Last revision Both sides next revision | ||
bdnog11:netsec:bind-implementing-dnssec [2020/01/13 15:12] Muhammad Moinur Rahman [B.Signing the zone] |
bdnog11:netsec:bind-implementing-dnssec [2020/01/13 15:14] Muhammad Moinur Rahman [C.Publishing the zone] |
||
---|---|---|---|
Line 69: | Line 69: | ||
file “db.groupXX.net.signed”; | file “db.groupXX.net.signed”; | ||
};</code>Change the file to point to the signed zone. | };</code>Change the file to point to the signed zone. | ||
- | - Start/Reload named service. Check if for the DNSKEY record using dig on the same server.<code>dig DNSKEY groupXX.net. @localhost +multiline</code>Check for the presence of RRSIG records.<code>dig groupXX.net. @localhost +multiline +dnssec A</code> | + | - Start/Reload named service. Check if for the DNSKEY record using dig on the same server.<code>dig DNSKEY groupXX.net. @localhost +multiline</code>Check for the presence of RRSIG records.<code>dig ns.groupXX.net. @localhost +multiline +dnssec A</code> |
- When we ran the ''dnssec-signzone'' command apart from the ''.signed'' zone file, a file named ''dsset-groupXX.net'' was also created, this contains the DS records. Push the DS record up to your parent domain. Open the file ''dsset-<yourdomain>'' (ex: ''dsset-groupXX.net''). This contains your DS records (see example below).<code> | - When we ran the ''dnssec-signzone'' command apart from the ''.signed'' zone file, a file named ''dsset-groupXX.net'' was also created, this contains the DS records. Push the DS record up to your parent domain. Open the file ''dsset-<yourdomain>'' (ex: ''dsset-groupXX.net''). This contains your DS records (see example below).<code> | ||
groupXX.net. IN DS 4297 5 1 C5A8C518B2208463F87CB30E35F247DD7EACCDB1 | groupXX.net. IN DS 4297 5 1 C5A8C518B2208463F87CB30E35F247DD7EACCDB1 |