DNSSec: Difference between revisions

From Jan's Wiki


[https://doc.powerdns.com/md/authoritative/dnssec/]
Adding DANE/TLSA record for mail server certificate verification
Howto [https://sys4.de/de/blog/2014/05/24/einen-tlsa-record-fuer-dane-mit-bind-9-publizieren/#den-tlsa-record-erstellen]
Verify with [http://www.internetsociety.org/deploy360/blog/2014/02/nist-offers-new-tool-to-verify-tlsa-records-for-dane-dnssec/]

Revision as of 21:48, 12 February 2015

How to set up DNSSEC with PowerDNS:

  • Add dnssec to pdns.conf:
gpgsql-dnssec=yes

  • Add a ZSK and a KSK, then secure and rectify the zone:
sudo pdnssec add-zone-key conti.work zsk 1024 active rsasha256
sudo pdnssec add-zone-key conti.work ksk 2048 active rsasha256
sudo pdnssec secure-zone conti.work
sudo pdnssec rectify-zone conti.work

Upload the public KSK and ZSK [1]

dig DNSKEY conti.work

Check if it worked [2] or here [3]

Set the NSEC3 parameters [4]:

sudo pdnssec set-nsec3 conti.work '1 0 10 db7fcd8a'

[5]
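
What the four fields of the set-nsec3 value above mean in practice, as an added example (not from the original page or the PowerDNS project): the Python below parses '1 0 10 db7fcd8a' as hash algorithm, flags, iterations and salt, and computes the hashed owner names as defined in RFC 5155. The www and mail host names are constructed for illustration.

```python
import base64
import hashlib

# Standard base32 alphabet -> base32hex alphabet used for NSEC3 owner labels.
_B32_TO_B32HEX = bytes.maketrans(
    b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
    b"0123456789ABCDEFGHIJKLMNOPQRSTUV",
)


def parse_nsec3param(text):
    """Split 'algorithm flags iterations salt' as passed to set-nsec3."""
    algorithm, flags, iterations, salt = text.split()
    if int(algorithm) != 1:
        raise ValueError("only hash algorithm 1 (SHA-1) is defined for NSEC3")
    salt_bytes = b"" if salt == "-" else bytes.fromhex(salt)  # "-" means no salt
    return int(flags), int(iterations), salt_bytes


def to_wire(name):
    """Owner name in canonical (lowercase) DNS wire format."""
    wire = b""
    for label in name.rstrip(".").lower().split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length in %r" % name)
        wire += bytes([len(raw)]) + raw
    return wire + b"\x00"


def nsec3_hash(name, params):
    """Hashed owner label for `name` under the given NSEC3 parameters."""
    _flags, iterations, salt = parse_nsec3param(params)
    digest = hashlib.sha1(to_wire(name) + salt).digest()
    for _ in range(iterations):  # 'iterations' counts the additional rounds
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_B32_TO_B32HEX).decode("ascii").lower()


if __name__ == "__main__":
    params = "1 0 10 db7fcd8a"  # value from the set-nsec3 command above
    # www and mail are constructed sample names, not taken from the page.
    for owner in ("conti.work", "www.conti.work", "mail.conti.work"):
        print(nsec3_hash(owner, params) + ".conti.work.  <-  " + owner)
```

The printed labels are the owner names that appear in NSEC3 records for the zone, which can be compared against what the signed zone returns for a nonexistent name.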


Adding DANE/TLSA record for mail server certificate verification

Howto [6]

Verify with [7]