Monday, May 13, 2013

Enabling DNSSEC in MyNIC .my domains

ref: http://imouto.my/enabling-dnssec-in-mynic-my-domains-using-bind-9-9/

Storing the URL for free-time reading :)


This guide is written by myself so that I do not forget how to do this again in the future. This should remind me how to set up DNSSEC with BIND 9.9, complete with a key rollover scheme that should be painless to implement.
I assume that you already have:
  • BIND 9.9 installed. Older versions don't work with this guide. And trust me, you don't want to deal with dynamic zones which DNSSEC-enabled BIND <9.9
  • Fully working .my zone(s) in that BIND installation.
  • Technical contact access in domainregistry.my control panel for your .my domain.
First, ensure that DNSSEC is enabled in the BIND install (it should be on by default).
options {
    listen-on port 53 { 127.0.0.1; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    dump-file "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    recursion no;
    version "It's over 9000";
    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Signatures valid for 30 days, regenerated 8 days before expiry */
    sig-validity-interval 30 8;
    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";
};
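
An added example, not from the original guide: a small Python check that reads an options block like the one above, confirms the two DNSSEC switches are set explicitly, and works out the re-signing schedule that sig-validity-interval implies. The sample text and the function names are constructed for illustration; the unit rule for the second field follows BIND's documented behaviour.

```python
import re
# Constructed sample: a trimmed copy of the options block shown above.
SAMPLE = '''options {
    listen-on port 53 { 127.0.0.1; };
    version "It's over 9000";
    dnssec-enable yes;
    dnssec-validation yes;
    sig-validity-interval 30 8;  /* constructed comment */
};'''

def parse_options(conf):
    """Return {statement: [args]} for the top level of the options block."""
    # Blank out comments; quoted strings are matched first so they survive.
    keep = lambda m: m.group(0) if m.group(0)[0] == '"' else " "
    conf = re.sub(r'"[^"]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', keep, conf, flags=re.S)
    start = re.search(r'\boptions\s*\{', conf)
    if not start:
        return {}
    depth, i = 1, start.end()
    while i < len(conf) and depth:          # walk to the matching brace
        depth += {"{": 1, "}": -1}.get(conf[i], 0)
        i += 1
    body = conf[start.end():i - 1]
    while re.search(r'\{[^{}]*\}', body):   # drop nested lists (listen-on)
        body = re.sub(r'\{[^{}]*\}', " ", body)
    opts = {}
    for stmt in body.split(";"):
        words = re.findall(r'"[^"]*"|[^\s"]+', stmt)
        if words:
            opts[words[0]] = words[1:]
    return opts

def resign_schedule(args):
    """Return (validity_days, hours before expiry at which named re-signs)."""
    base = int(args[0])
    if len(args) > 1:
        # Second field is in days when the base exceeds 7 days, else hours.
        return base, int(args[1]) * (24 if base > 7 else 1)
    return base, base * 24 // 4             # default: a quarter of the base

def audit(conf):
    opts = parse_options(conf)
    findings = [f"{k} is not explicitly set to yes" for k in
                ("dnssec-enable", "dnssec-validation") if opts.get(k) != ["yes"]]
    base, lead = resign_schedule(opts.get("sig-validity-interval") or ["30"])
    if lead >= base * 24:
        findings.append("re-sign lead is not shorter than signature validity")
    return findings, (base, lead)

print(audit(SAMPLE))
```

For the block above this reports no findings and a schedule of 30 days validity with re-signing 192 hours (8 days) before expiry.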
