Hi ALL.
I am embarrassed because of "DLV DNSSEC" correspondence of nsd.
I
1. Make Keys "KSK"
$ dnssec-keygen -r /dev/urandom -f KSK -a RSASHA256 -b 2048 -n ZONE hoge.fuga > ksk-hoge.fuga
2. Make Keys "ZSK"
$ dnssec-keygen -r /dev/urandom -a RSASHA256 -b 1024 -n ZONE hoge.fuga > zsk-hoge.fuga
3. ZSK.key is registered in https://dlv.isc.org/.
Return
dlv.hoge.fuga. 0 IN TXT "DLV:1:*******"
4. Write hoge.fuga.zone
----------------------------------
...
www.hoge.fuga IN A 127.0.0.1
...
hoge.fuga. IN DNSKEY 256 3 8 AwEAAaFC....aeM
dlv.hoge.fuga. 0 IN TXT "DLV:1:*******"
----------------------------------
5. ZONE SIGNING.
$ dnssec-signzone -o hoge.fuga -k `cat ksk-hoge.fuga`.private -z hoge.fuga.zone `cat zsk-hoge.fuga`.private
hoge.fuga.zone.signed
6. Write nsd.conf
-----------------------------------
key:
    name: mskey
    algorithm: ???????
    secret: "???????"
zone:
    name: "hoge.fuga"
    zonefile: "hoge.fuga.zone.signed"
    #zonefile: "hoge.fuga.zone"
    provide-xfr: 127.0.0.1 mskey
    provide-xfr: 192.168.0.1 mskey
-----------------------------------
Is it only necessary to describe it in "nsd.conf", and in what way should it be described?
--
<keiji.ue0719 at gmail.com>
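
An added example, not part of the original post: in nsd.conf the "key:" clause is a TSIG key that authenticates zone transfers and is separate from the DNSSEC keys, while NSD serves the signed zone file as written. The shell functions below (function names are hypothetical, and hmac-sha256 is assumed to be supported by the NSD build) generate a TSIG secret and print the two clauses, refusing a zone file that has no DNSKEY/RRSIG records.

```shell
#!/bin/sh
# Added example, not from the original post.

# 32 random bytes, base64-encoded, for the TSIG "secret:" value.
tsig_secret() {
    head -c 32 /dev/urandom | base64 | tr -d '\n'
}

# Succeeds only if FILE holds both DNSKEY and RRSIG records, i.e. it is
# dnssec-signzone output and not the unsigned source zone.
is_signed_zone() {
    grep -Eq '[[:space:]]DNSKEY[[:space:]]' "$1" &&
    grep -Eq '[[:space:]]RRSIG[[:space:]]' "$1"
}

# nsd_fragment ZONE ZONEFILE KEYNAME SECRET PEER...
# Prints the key: and zone: clauses; one provide-xfr line per PEER.
nsd_fragment() {
    zone=$1; zonefile=$2; keyname=$3; secret=$4
    shift 4
    is_signed_zone "$zonefile" || {
        echo "refusing: $zonefile has no DNSKEY/RRSIG records" >&2
        return 1
    }
    printf 'key:\n    name: "%s"\n' "$keyname"
    printf '    algorithm: hmac-sha256\n    secret: "%s"\n' "$secret"
    printf 'zone:\n    name: "%s"\n    zonefile: "%s"\n' "$zone" "$zonefile"
    for peer in "$@"; do
        printf '    provide-xfr: %s %s\n' "$peer" "$keyname"
    done
}

# Usage with the names from the post (run where the signed file exists):
#   nsd_fragment hoge.fuga hoge.fuga.zone.signed mskey "$(tsig_secret)" \
#       127.0.0.1 192.168.0.1
```

The secondary server needs the same key name, algorithm and secret, and the file holding the secret should not be world-readable.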