bdnog11:netsec:bind-tsig

Differences

This shows you the differences between two versions of the page.

bdnog11:netsec:bind-tsig [2020/01/13 10:11]
Muhammad Moinur Rahman
bdnog11:netsec:bind-tsig [2020/01/13 11:08] (current)
Muhammad Moinur Rahman
Line 7: Line 7:
   - All the master server will derive a key using ''​dnssec-keygen''​ statement in /etc/bind directory\\ <​code>​tsig-keygen groupXX.net >> /​etc/​bind/​groupXX.net.key</​code>​\\ Check that this generates file\\ <​code>​ls -la /​etc/​bind/​groupXX.net.key</​code>​\\ Note: Make sure that the key name is as descriptive as possible. In our example, the name chosen is ''​groupXX.net''​ to show that it is for the domain `groupXX.net` and the TSIG key is to be exchanged between `ns1` (the primary server) and `ns2` (the secondary server).   - All the master server will derive a key using ''​dnssec-keygen''​ statement in /etc/bind directory\\ <​code>​tsig-keygen groupXX.net >> /​etc/​bind/​groupXX.net.key</​code>​\\ Check that this generates file\\ <​code>​ls -la /​etc/​bind/​groupXX.net.key</​code>​\\ Note: Make sure that the key name is as descriptive as possible. In our example, the name chosen is ''​groupXX.net''​ to show that it is for the domain `groupXX.net` and the TSIG key is to be exchanged between `ns1` (the primary server) and `ns2` (the secondary server).
   - Update the primary server’s ''​named.conf.local''​` with this key.   - Update the primary server’s ''​named.conf.local''​` with this key.
-    - Edit ''​named.conf.local''​ and add the ''#​include''​ statement\\ <​code>​include "​groupXX.net.key";​+    - Edit ''​named.conf.local''​ and add the ''#​include''​ statement\\ <​code>​include "/etc/bind/groupXX.net.key";​
 server <​ip-of-slave>​ { server <​ip-of-slave>​ {
  keys { ns.groupXX; };   keys { ns.groupXX; }; 
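Review bot: The `keys { ns.groupXX; };` clause inside `server <ip-of-slave>` refers to a key named `ns.groupXX`, but the key generated in the step above with `tsig-keygen groupXX.net` is named `groupXX.net`, and the secondary's `server <ip-of-master>` block uses `groupXX.net`. The name inside `keys { ... }` has to match the name of the `key` statement in the included file and has to be identical on both servers, so this line should read `keys { groupXX.net; };`. Two wording points in the same hunk: the step text says the key is derived with `dnssec-keygen` while the command shown is `tsig-keygen`, and it calls the directive an `#include` statement while the configuration line is `include` without the `#`.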
Line 23: Line 23:
 mv /​home/​apnic/​groupXX.net.key /​etc/​bind/</​code>​ mv /​home/​apnic/​groupXX.net.key /​etc/​bind/</​code>​
     - Update the secondary server’s `named.conf` to reflect the same changes as the primary.\\ <​code>​     - Update the secondary server’s `named.conf` to reflect the same changes as the primary.\\ <​code>​
- include "​groupXX.net.keys";​+ include "/etc/bind/groupXX.net.keys";​
  server <​ip-of-master>​ {  server <​ip-of-master>​ {
  keys { groupXX.net;​ };   keys { groupXX.net;​ }; 
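Review bot: The new include path `/etc/bind/groupXX.net.keys` on the secondary ends in `.keys`, but the file moved into place just above is `/etc/bind/groupXX.net.key` (`mv /home/apnic/groupXX.net.key /etc/bind/`), so the absolute path still names a file that the preceding step does not create. Change it to `include "/etc/bind/groupXX.net.key";`, the same path used on the primary. Because the file holds the shared TSIG secret and arrives via a user's home directory, the step would also benefit from a line after the `mv` that sets its owner and mode so that only the name server account can read it.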
bdnog11/netsec/bind-tsig.txt · Last modified: 2020/01/13 11:08 by Muhammad Moinur Rahman