User Tools
bdnog11:netsec:bind-implementing-dnssec
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | |||
|
bdnog11:netsec:bind-implementing-dnssec [2020/01/13 15:14] Muhammad Moinur Rahman [C.Publishing the zone] |
bdnog11:netsec:bind-implementing-dnssec [2020/01/14 12:34] Muhammad Moinur Rahman |
||
|---|---|---|---|
| Line 22: | Line 22: | ||
| - Update the DNS configuration. Change options in the configuration file ''/etc/bind/named.conf.options'' to allow DNSSEC. These options must be enabled for this lab to success. This option is required only for LAB purpose and not applicable to real life:\\ <code> | - Update the DNS configuration. Change options in the configuration file ''/etc/bind/named.conf.options'' to allow DNSSEC. These options must be enabled for this lab to success. This option is required only for LAB purpose and not applicable to real life:\\ <code> | ||
| - | dnssec-validation yes;</code>\\ **dnssec-enable** allows named to respond to DNS requests from DNSSEC-aware clients. The default is yes, but is best added in the `named.conf` so you know how to turn it off.\\ If `dnssec-validation` is set to auto, it defaults to the DNS root zone as the trust anchor.\\ If set to yes, a trust anchor must be explicitly configured using the trusted-keys option.\\ <code> | + | dnssec-validation yes;</code>\\ **dnssec-enable** allows named to respond to DNS requests from DNSSEC-aware clients. The default is yes, but is best added in the `named.conf` so you know how to turn it off.\\ If `dnssec-validation` is set to auto, it defaults to the DNS root zone as the trust anchor.\\ If set to yes, a trust anchor must be explicitly configured using the trusted-keys option in ''/etc/bind/named.conf.local''.\\ <code> |
| trusted-keys { | trusted-keys { | ||
| . 257 3 8 "AwEAAeBVrjcVk2End+jIb/0b5vRZJlQVgh2nspHrcDISSyeslhEiLWUr W9M8Bl/LrUM0PYbfzkzhwtDayPm3Pz1hJN4cdr/zXcjgG/iuOZzXuAK+ GJmhEbM7QS1Tw7YrZLPO8OjqpnSt+vZirfsfCR44KtN9klrx6YFKrFt0 jB6C4gP4S955RyViqLnhNQfW3sq6LIkiUhpVgO82X0GHfe7FFCgqVxG+ 9nmaTu3M6mE9bsiAjuHyxlc+je8Ll12n56cpCMU+f+46hRSSDH6vtMUl sYaP2rvzjn1Mo1txtTLL8K0eXtHPYIaH6mDU8gcfPNFX+7mdECqMbs7B y0JQRykIHtgDTa9pCCIamrpquXvuAIQSAsnZ6ENzpPLRiaLCU92lCrYm +xL2RwQ4i3Y1sbPVfn6D73OWockfGf+Yc6CSxBCk8LvDM5LKtlN7CvkO DF8Jd9hajAL32ZVF2GlW6ps5+9coE0zJgkaWpNicMczIvL1WYtb+hmaK yR48cPDjdgnnezHifHix3C74zpdL4QmN10muzyGqULUKqYZOXiMQff5i TMtFO5MwAFrAfwmgfw+o+NAryhRwFqWaY0h4z8TTCh3rVRYR5PfOzFcd aoewfzOm90XihvoqRrajaEK1W6F+IS/3UVEo4YR7M8mdZK1QF+g94bg0 4yCZkSGN8Z+xnu0p"; | . 257 3 8 "AwEAAeBVrjcVk2End+jIb/0b5vRZJlQVgh2nspHrcDISSyeslhEiLWUr W9M8Bl/LrUM0PYbfzkzhwtDayPm3Pz1hJN4cdr/zXcjgG/iuOZzXuAK+ GJmhEbM7QS1Tw7YrZLPO8OjqpnSt+vZirfsfCR44KtN9klrx6YFKrFt0 jB6C4gP4S955RyViqLnhNQfW3sq6LIkiUhpVgO82X0GHfe7FFCgqVxG+ 9nmaTu3M6mE9bsiAjuHyxlc+je8Ll12n56cpCMU+f+46hRSSDH6vtMUl sYaP2rvzjn1Mo1txtTLL8K0eXtHPYIaH6mDU8gcfPNFX+7mdECqMbs7B y0JQRykIHtgDTa9pCCIamrpquXvuAIQSAsnZ6ENzpPLRiaLCU92lCrYm +xL2RwQ4i3Y1sbPVfn6D73OWockfGf+Yc6CSxBCk8LvDM5LKtlN7CvkO DF8Jd9hajAL32ZVF2GlW6ps5+9coE0zJgkaWpNicMczIvL1WYtb+hmaK yR48cPDjdgnnezHifHix3C74zpdL4QmN10muzyGqULUKqYZOXiMQff5i TMtFO5MwAFrAfwmgfw+o+NAryhRwFqWaY0h4z8TTCh3rVRYR5PfOzFcd aoewfzOm90XihvoqRrajaEK1W6F+IS/3UVEo4YR7M8mdZK1QF+g94bg0 4yCZkSGN8Z+xnu0p"; | ||
bdnog11/netsec/bind-implementing-dnssec.txt ยท Last modified: 2020/01/14 12:34 by Muhammad Moinur Rahman
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 3.0 Unported
