User Tools

Site Tools


bdnog11:netsec:bind-implementing-dnssec

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
bdnog11:netsec:bind-implementing-dnssec [2020/01/13 15:14]
Muhammad Moinur Rahman [C.Publishing the zone]
bdnog11:netsec:bind-implementing-dnssec [2020/01/14 12:34] (current)
Muhammad Moinur Rahman
Line 22: Line 22:
  
   - Update the DNS configuration. Change options in the configuration file ''/​etc/​bind/​named.conf.options''​ to allow DNSSEC. These options must be enabled for this lab to success. This option is required only for LAB purpose and not applicable to real life:\\ <​code>​   - Update the DNS configuration. Change options in the configuration file ''/​etc/​bind/​named.conf.options''​ to allow DNSSEC. These options must be enabled for this lab to success. This option is required only for LAB purpose and not applicable to real life:\\ <​code>​
-dnssec-validation yes;</​code>​\\ **dnssec-enable** allows named to respond to DNS requests from DNSSEC-aware clients. The default is yes, but is best added in the `named.conf` so you know how to turn it off.\\ If `dnssec-validation` is set to auto, it defaults to the DNS root zone as the trust anchor.\\ If set to yes, a trust anchor must be explicitly configured using the trusted-keys option.\\ <​code>​+dnssec-validation yes;</​code>​\\ **dnssec-enable** allows named to respond to DNS requests from DNSSEC-aware clients. The default is yes, but is best added in the `named.conf` so you know how to turn it off.\\ If `dnssec-validation` is set to auto, it defaults to the DNS root zone as the trust anchor.\\ If set to yes, a trust anchor must be explicitly configured using the trusted-keys option ​in ''/​etc/​bind/​named.conf.local''​.\\ <​code>​
 trusted-keys { trusted-keys {
  . 257 3 8 "​AwEAAeBVrjcVk2End+jIb/​0b5vRZJlQVgh2nspHrcDISSyeslhEiLWUr W9M8Bl/​LrUM0PYbfzkzhwtDayPm3Pz1hJN4cdr/​zXcjgG/​iuOZzXuAK+ GJmhEbM7QS1Tw7YrZLPO8OjqpnSt+vZirfsfCR44KtN9klrx6YFKrFt0 jB6C4gP4S955RyViqLnhNQfW3sq6LIkiUhpVgO82X0GHfe7FFCgqVxG+ 9nmaTu3M6mE9bsiAjuHyxlc+je8Ll12n56cpCMU+f+46hRSSDH6vtMUl sYaP2rvzjn1Mo1txtTLL8K0eXtHPYIaH6mDU8gcfPNFX+7mdECqMbs7B y0JQRykIHtgDTa9pCCIamrpquXvuAIQSAsnZ6ENzpPLRiaLCU92lCrYm +xL2RwQ4i3Y1sbPVfn6D73OWockfGf+Yc6CSxBCk8LvDM5LKtlN7CvkO DF8Jd9hajAL32ZVF2GlW6ps5+9coE0zJgkaWpNicMczIvL1WYtb+hmaK yR48cPDjdgnnezHifHix3C74zpdL4QmN10muzyGqULUKqYZOXiMQff5i TMtFO5MwAFrAfwmgfw+o+NAryhRwFqWaY0h4z8TTCh3rVRYR5PfOzFcd aoewfzOm90XihvoqRrajaEK1W6F+IS/​3UVEo4YR7M8mdZK1QF+g94bg0 4yCZkSGN8Z+xnu0p";​  . 257 3 8 "​AwEAAeBVrjcVk2End+jIb/​0b5vRZJlQVgh2nspHrcDISSyeslhEiLWUr W9M8Bl/​LrUM0PYbfzkzhwtDayPm3Pz1hJN4cdr/​zXcjgG/​iuOZzXuAK+ GJmhEbM7QS1Tw7YrZLPO8OjqpnSt+vZirfsfCR44KtN9klrx6YFKrFt0 jB6C4gP4S955RyViqLnhNQfW3sq6LIkiUhpVgO82X0GHfe7FFCgqVxG+ 9nmaTu3M6mE9bsiAjuHyxlc+je8Ll12n56cpCMU+f+46hRSSDH6vtMUl sYaP2rvzjn1Mo1txtTLL8K0eXtHPYIaH6mDU8gcfPNFX+7mdECqMbs7B y0JQRykIHtgDTa9pCCIamrpquXvuAIQSAsnZ6ENzpPLRiaLCU92lCrYm +xL2RwQ4i3Y1sbPVfn6D73OWockfGf+Yc6CSxBCk8LvDM5LKtlN7CvkO DF8Jd9hajAL32ZVF2GlW6ps5+9coE0zJgkaWpNicMczIvL1WYtb+hmaK yR48cPDjdgnnezHifHix3C74zpdL4QmN10muzyGqULUKqYZOXiMQff5i TMtFO5MwAFrAfwmgfw+o+NAryhRwFqWaY0h4z8TTCh3rVRYR5PfOzFcd aoewfzOm90XihvoqRrajaEK1W6F+IS/​3UVEo4YR7M8mdZK1QF+g94bg0 4yCZkSGN8Z+xnu0p";​
bdnog11/netsec/bind-implementing-dnssec.txt ยท Last modified: 2020/01/14 12:34 by Muhammad Moinur Rahman