DNSSec: Difference between revisions

From Jan's Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 4: Line 4:
  gpgsql-dnssec=yes
  gpgsql-dnssec=yes


  sudo pdnssec add-zone-key conti.work zsk active ecdsa384
  sudo pdnssec add-zone-key conti.work zsk 1024 active rsasha256
  sudo pdnssec add-zone-key conti.work ksk active ecdsa384
  sudo pdnssec add-zone-key conti.work ksk 2048 active rsasha256
  sudo pdnssec secure-zone conti.work
  sudo pdnssec secure-zone conti.work
  sudo pdnssec rectify-zone conti.work
  sudo pdnssec rectify-zone conti.work


Upload public ZSK [https://www.gandi.net/admin/domain/dnssec/5104640]
Upload public KSK ZSK [https://www.gandi.net/admin/domain/dnssec/5104640]
  sudo pdnssec export-zone-dnskey conti.work 1
  dig DNSKEY conti.work
 
Upload public KSK [https://www.gandi.net/admin/domain/dnssec/5104640]
  sudo pdnssec export-zone-dnskey conti.work 2


[https://doc.powerdns.com/md/authoritative/dnssec/]
[https://doc.powerdns.com/md/authoritative/dnssec/]

Revision as of 19:56, 12 February 2015

How to setup DNSSEC with powerdns:

  • Add dnssec to pdns.conf:
gpgsql-dnssec=yes

sudo pdnssec add-zone-key conti.work zsk 1024 active rsasha256
sudo pdnssec add-zone-key conti.work ksk 2048 active rsasha256
sudo pdnssec secure-zone conti.work
sudo pdnssec rectify-zone conti.work

Upload public KSK ZSK [1] 

dig  DNSKEY conti.work

[2]

Retrieved from "https://wiki.jans.space//index.php?title=DNSSec&oldid=80"