setup DNSSEC on Bind9
# cd /etc/bind
Add these lines to your zone declaration in named.conf.local:
inline-signing yes; auto-dnssec maintain;
Then:
# mkdir /var/cache/bind/keys # cd /var/cache/bind/keys # dnssec-keygen -a RSASHA256 -b 2048 -f KSK example.com # dnssec-keygen -a RSASHA256 -b 1280 example.com # cd /etc/bind
Add to the zone "example.com" section in the file named.conf.local:
inline-signing yes;
auto-dnssec maintain;
Edit named.conf.options file, and add
- Read more about setup DNSSEC on Bind9
- Log in to post comments