DNSSEC Master Configuration

Add these three lines to the conf file:
vim /usr/local/etc/named/named.conf

Create a Zone Signing Key (ZSK)

Create a Key Signing Key (KSK)

Sample output.

The directory will now have 4 keys – private/public pairs of ZSK and KSK. We have to add the public keys which contain the DNSKEY record to the zone file. The following for loop will do this.

You should now see 4 keys.

Sign the zone with the dnssec-signzone command.

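salt: enter any number (the same "salt" mentioned in the hash table discussion)
This creates a new file named example.com.zone.signed, which contains RRSIG records for each DNS record.
After the .signed file has been generated, go to the conf file and change the existing settings in the zone.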

Change the file option inside the zone { } section.
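
The key-inclusion and signing steps described above, as an added shell example (not commands from the original page): it checks that the key directory holds exactly one ZSK and one KSK public key before appending $INCLUDE lines to the zone file, then signs with a random NSEC3 salt. The function names are hypothetical, and the one-ZSK/one-KSK rule is an assumption matching the four key files this page describes.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Print KSK or ZSK for a K<zone>.+<alg>+<id>.key file, based on the DNSKEY
# flags field (257 = key signing key, 256 = zone signing key).
key_role() {
    awk '!/^;/ { for (i = 1; i < NF; i++) if ($i == "DNSKEY") {
        flags = $(i + 1)
        print ((flags == 257) ? "KSK" : ((flags == 256) ? "ZSK" : "other")); exit } }' "$1"
}

# Validate the key set first, then append "$INCLUDE <keyfile>" lines to the
# zone file. Returns non-zero and leaves the zone file untouched unless exactly
# one ZSK and one KSK public key exist (assumption: no key rollover in progress).
# Re-running does not add duplicate lines.
include_dnskeys() {
    zone=$1; keydir=$2; zonefile=$3
    zsk=0; ksk=0
    for key in "$keydir"/K"$zone".+*.key; do
        [ -f "$key" ] || continue
        case $(key_role "$key") in
            ZSK) zsk=$((zsk + 1)) ;;
            KSK) ksk=$((ksk + 1)) ;;
            *) echo "unexpected key file: $key" >&2; return 1 ;;
        esac
    done
    [ "$zsk" -eq 1 ] && [ "$ksk" -eq 1 ] || return 1
    for key in "$keydir"/K"$zone".+*.key; do
        grep -qxF "\$INCLUDE $key" "$zonefile" || echo "\$INCLUDE $key" >> "$zonefile"
    done
}

# 16 hex characters from the kernel RNG, for the dnssec-signzone -3 argument.
random_salt() {
    head -c 8 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Sign with NSEC3 (-3 <salt>) for origin $1; writes <zonefile>.signed.
# Requires BIND's dnssec-signzone to be installed.
sign_zone() {
    dnssec-signzone -3 "$(random_salt)" -o "$1" "$2"
}
```

Typical use is include_dnskeys example.com . example.com.zone followed by sign_zone example.com example.com.zone, run from the directory that holds the keys.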


