[nsd-users] DLV

keiji.u0719 at gmail.com
Mon Mar 1 13:34:02 UTC 2010


Hi all.

I am having trouble with nsd's "DLV DNSSEC" support.
Here is what I did:
1. Make the KSK
$ dnssec-keygen -r /dev/urandom -f KSK -a RSASHA256 -b 2048 -n ZONE hoge.fuga > ksk-hoge.fuga

2. Make the ZSK
$ dnssec-keygen -r /dev/urandom -a RSASHA256 -b 1024 -n ZONE hoge.fuga > zsk-hoge.fuga

3. Register ZSK.key at https://dlv.isc.org/.
It returns:
dlv.hoge.fuga. 0 IN TXT "DLV:1:*******"

4. Write hoge.fuga.zone
----------------------------------
...
www.hoge.fuga IN A 127.0.0.1
...
hoge.fuga. IN DNSKEY 256 3 8  AwEAAaFC....aeM=
dlv.hoge.fuga. 0 IN TXT "DLV:1:*******"
----------------------------------

5. Sign the zone.
$ dnssec-signzone -o hoge.fuga -k `cat ksk-hoge.fuga`.private -z hoge.fuga.zone `cat zsk-hoge.fuga`.private
(the command prints the name of the signed file:)
hoge.fuga.zone.signed

6. Write nsd.conf
-----------------------------------
key:
        name: mskey
        algorithm: ???????
        secret: "???????"

zone:
        name: "hoge.fuga"
        zonefile: "hoge.fuga.zone.signed"
        #zonefile: "hoge.fuga.zone"
        provide-xfr: 127.0.0.1 mskey
        provide-xfr: 192.168.0.1 mskey
-----------------------------------
Is it enough to just describe this in "nsd.conf", and what should I write there?

-- 
 <keiji.ue0719 at gmail.com>
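The record the DLV registry publishes for a zone (step 3 above) has the same rdata as a DS record (RFC 4431): key tag, algorithm, digest type and a digest over the owner name plus the DNSKEY rdata, published under <zone>.<registry>. The following is an added example, not code from the original post or from NSD/BIND, that computes that DS/DLV entry from a DNSKEY line using only the Python standard library. The DNSKEY it uses is constructed: its 6-byte "public key" is made up so the key tag can be checked by hand; the zone name hoge.fuga and the registry dlv.isc.org come from the post (ISC decommissioned that registry in 2017, so the owner name is illustrative). The example deliberately refuses a DNSKEY without the SEP bit (flags 256), since the entry is meant to anchor the KSK (flags 257).

```python
"""Compute the DS / DLV entry for a zone's KSK from its DNSKEY record.

Added example, not from the original post. The sample DNSKEY is constructed
(its public key bytes are made up and far too short for a real RSA key).
"""
import base64
import hashlib
import struct

# Constructed sample: KSK-style DNSKEY (flags 257 = ZONE + SEP), protocol 3,
# algorithm 8 (RSASHA256), with a made-up 6-byte public key 01 03 C1 A2 B3 D4.
SAMPLE_DNSKEY = "hoge.fuga. IN DNSKEY 257 3 8 AQPBorPU"
SEP_FLAG = 0x0001  # Secure Entry Point bit, set on a KSK (RFC 4034 s.2.1.1)


def name_to_wire(name: str) -> bytes:
    """Encode a fully qualified owner name in DNS wire format, lower-cased
    as RFC 4034 s.5.1.4 requires for the DS digest."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    out = b""
    for label in labels:
        raw = label.encode("ascii")
        if len(raw) > 63:
            raise ValueError("label too long: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def parse_dnskey(line: str):
    """Parse '<owner> IN DNSKEY <flags> <proto> <alg> <base64...>'."""
    fields = line.split()
    if len(fields) < 7 or fields[2].upper() != "DNSKEY":
        raise ValueError("not a DNSKEY record: %r" % line)
    owner = fields[0]
    flags, proto, alg = (int(x) for x in fields[3:6])
    pubkey = base64.b64decode("".join(fields[6:]))  # base64 may be split
    return owner, flags, proto, alg, pubkey


def dnskey_rdata(flags: int, proto: int, alg: int, pubkey: bytes) -> bytes:
    """DNSKEY rdata in wire format: flags(2) proto(1) alg(1) pubkey."""
    return struct.pack("!HBB", flags, proto, alg) + pubkey


def key_tag(rdata: bytes) -> int:
    """Key tag per RFC 4034 Appendix B (the algorithm-1 special case is
    not handled; RSASHA256 keys use this general form)."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += (b << 8) if i % 2 == 0 else b
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def ds_fields(owner, flags, proto, alg, pubkey, digest_type=2):
    """Return (key_tag, alg, digest_type, digest_hex) for a DS/DLV record.
    digest_type 2 = SHA-256 (RFC 4509), 1 = SHA-1 (RFC 4034)."""
    if not flags & SEP_FLAG:
        raise ValueError("DNSKEY flags %d lack the SEP bit; use the KSK (257)" % flags)
    rdata = dnskey_rdata(flags, proto, alg, pubkey)
    hasher = {1: hashlib.sha1, 2: hashlib.sha256}[digest_type]
    digest = hasher(name_to_wire(owner) + rdata).hexdigest()
    return key_tag(rdata), alg, digest_type, digest


def ds_record(dnskey_line: str, digest_type=2) -> str:
    """DS record text as a parent zone would publish it."""
    owner, flags, proto, alg, pubkey = parse_dnskey(dnskey_line)
    tag, alg, dt, digest = ds_fields(owner, flags, proto, alg, pubkey, digest_type)
    return "%s IN DS %d %d %d %s" % (owner, tag, alg, dt, digest)


def dlv_record(dnskey_line: str, registry="dlv.isc.org.", digest_type=2) -> str:
    """DLV record text (RFC 4431): DS rdata, owned by <zone>.<registry>."""
    owner, flags, proto, alg, pubkey = parse_dnskey(dnskey_line)
    tag, alg, dt, digest = ds_fields(owner, flags, proto, alg, pubkey, digest_type)
    dlv_owner = owner.rstrip(".") + "." + registry
    return "%s IN DLV %d %d %d %s" % (dlv_owner, tag, alg, dt, digest)


if __name__ == "__main__":
    print(ds_record(SAMPLE_DNSKEY))
    print(dlv_record(SAMPLE_DNSKEY))
```

To use it on a real KSK, paste the `hoge.fuga. IN DNSKEY 257 3 8 ...` line from the generated K*.key file into `ds_record()` and compare the key tag and digest with what the registry (or `dnssec-dsfromkey`) shows; a ZSK line (flags 256) is rejected on purpose.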