DNSSec: Difference between revisions

From Jan's Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 13: Line 13:


Check if it worked [http://dnsviz.net/d/conti.work/analyze/] or here [http://dnssec-debugger.verisignlabs.com/conti.work]
Check if it worked [http://dnsviz.net/d/conti.work/analyze/] or here [http://dnssec-debugger.verisignlabs.com/conti.work]
Set nsec3 parameter [https://deepthought.isc.org/article/AA-00711/0/In-line-Signing-With-NSEC3-in-BIND-9.9-A-Walk-through.html]
sudo pdnssec set-nsec3 conti.work '1 0 10 db7fcd8a'
[https://doc.powerdns.com/md/authoritative/dnssec/]
[https://doc.powerdns.com/md/authoritative/dnssec/]

Revision as of 20:54, 12 February 2015

How to setup DNSSEC with powerdns:

  • Add dnssec to pdns.conf:
gpgsql-dnssec=yes

sudo pdnssec add-zone-key conti.work zsk 1024 active rsasha256
sudo pdnssec add-zone-key conti.work ksk 2048 active rsasha256
sudo pdnssec secure-zone conti.work
sudo pdnssec rectify-zone conti.work

Upload public KSK ZSK [1] 

dig  DNSKEY conti.work

Check if it worked [2] or here [3]

Set nsec3 parameter [4] 

sudo pdnssec set-nsec3 conti.work '1 0 10 db7fcd8a'

[5]

Retrieved from "https://wiki.jans.space//index.php?title=DNSSec&oldid=82"