# cd /etc/bind
Add these lines to your zone declaration in named.conf.local:
inline-signing yes;
auto-dnssec maintain;
Then:
# mkdir /var/cache/bind/keys
# cd /var/cache/bind/keys
# dnssec-keygen -a RSASHA256 -b 2048 -f KSK example.com
# dnssec-keygen -a RSASHA256 -b 1280 example.com
# cd /etc/bind
Add to the zone "example.com" section in the file named.conf.local:
inline-signing yes;
auto-dnssec maintain;
Edit the named.conf.options file and add
key-directory "/var/cache/bind/keys";
to the options block.
# service named reload
# rndc loadkeys example.com
# rndc signing -nsec3param 1 0 10 auto example.com
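To confirm the steps above took effect, the following added example (not part of the original instructions) checks dig answer lines for a KSK and ZSK with algorithm 8 (RSASHA256), a signature over the DNSKEY set, and the NSEC3PARAM values 1 0 10. The function names and the sample records are constructed for illustration, and 127.0.0.1 as the server address is an assumption.

```shell
#!/bin/sh
# Live use on the name server (server address is an assumption):
#   { dig +noall +answer +dnssec @127.0.0.1 example.com DNSKEY
#     dig +noall +answer @127.0.0.1 example.com NSEC3PARAM; } | check_signed_zone

# Reads dig answer lines (name ttl class type rdata...) on stdin.
# Returns 0 only if every record the procedure should produce is present.
check_signed_zone() {
    awk '
        BEGIN { bad = 0 }
        # DNSKEY rdata: flags protocol algorithm key (257 = KSK, 256 = ZSK)
        $4 == "DNSKEY" && $5 == 257 && $7 == 8 { ksk++ }
        $4 == "DNSKEY" && $5 == 256 && $7 == 8 { zsk++ }
        # RRSIG whose type-covered field is DNSKEY: the key set is signed
        $4 == "RRSIG" && $5 == "DNSKEY" { sig++ }
        # NSEC3PARAM rdata: hash-algorithm flags iterations salt
        $4 == "NSEC3PARAM" && $5 == 1 && $6 == 0 && $7 == 10 { n3++ }
        END {
            if (!ksk) { print "FAIL: no KSK (flags 257, algorithm 8)"; bad = 1 }
            if (!zsk) { print "FAIL: no ZSK (flags 256, algorithm 8)"; bad = 1 }
            if (!sig) { print "FAIL: DNSKEY set has no RRSIG"; bad = 1 }
            if (!n3)  { print "FAIL: NSEC3PARAM 1 0 10 not published"; bad = 1 }
            if (!bad) print "OK: zone is signed with NSEC3"
            exit bad
        }'
}

# Constructed sample: what a fully signed zone would answer (key data is fake).
sample_signed() {
cat <<'EOF'
example.com. 3600 IN DNSKEY 257 3 8 AwEAAcConstructedKskData=
example.com. 3600 IN DNSKEY 256 3 8 AwEAAcConstructedZskData=
example.com. 3600 IN RRSIG DNSKEY 8 2 3600 20300101000000 20291201000000 11111 example.com. ConstructedSig=
example.com. 0 IN NSEC3PARAM 1 0 10 A1B2C3D4
EOF
}

# Constructed sample: keys loaded, but the final rndc signing -nsec3param step was skipped.
sample_no_nsec3() {
    sample_signed | grep -v NSEC3PARAM
}

sample_signed | check_signed_zone
```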
That's all folks!