Monday 14 March 2011

bind9 dnssec

Example:

Configure bind9 as follows so that you can sign the zone with:

rndc sign sics6.se; rndc freeze; rndc unfreeze;


In /etc/bind/named.conf.options:

options {
        directory "/var/cache/bind";
        // directory where named looks for the DNSSEC key files
        key-directory "/etc/bind/dnssec";

        ...

};




In /etc/bind/named.conf.local:

include "/etc/bind/keys.conf";
include "/etc/bind/rndc.key";

// rndc control channel: localhost only, authenticated with rndc-key
controls {
        inet 127.0.0.1 port 953
                allow { 127.0.0.1; } keys { "rndc-key"; };
};



...



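zone "sics6.se." IN {
        type master;
        file "/etc/bind/zones/sics6.se..signed";
        // auto-dnssec requires a dynamic zone
        allow-update { key lra.sics.se.; };
        // lets "rndc sign sics6.se" load keys from key-directory and re-sign the zone
        auto-dnssec allow;
};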
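
An added check, not part of the original post: before running rndc sign, this shell function audits the key-directory configured above for the zone's dnssec-keygen key files (K<zone>.+<alg>+<id>.key and .private), counts KSKs and ZSKs from the DNSKEY flags field, and reports missing or world-accessible private keys. The function names and output labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a BIND key-directory before "rndc sign <zone>".
# Usage: audit_keydir /etc/bind/dnssec sics6.se

# Print the DNSKEY flags field (256 = ZSK, 257 = KSK) of one .key file.
# Comment lines (";") are skipped; an optional TTL before "IN" is tolerated.
key_flags() {
    awk '!/^;/ { for (i = 1; i < NF; i++)
                     if ($i == "DNSKEY") { print $(i + 1); exit } }' "$1"
}

# audit_keydir DIR ZONE
# Prints one finding per line plus a summary. Returns 0 only if the zone has
# at least one key, every public key has its private half, and no private key
# is accessible to "other" users.
audit_keydir() {
    dir=$1
    zone=${2%.}.          # file names carry the zone with a trailing dot
    ksk=0 zsk=0 rc=0
    for pub in "$dir"/K"$zone"+*.key; do
        [ -e "$pub" ] || continue          # glob matched nothing
        priv=${pub%.key}.private
        case $(key_flags "$pub") in
            257) ksk=$((ksk + 1)) ;;
            256) zsk=$((zsk + 1)) ;;
            *)   echo "UNKNOWN-FLAGS $pub"; rc=1 ;;
        esac
        if [ ! -f "$priv" ]; then
            echo "MISSING-PRIVATE $priv"; rc=1
        elif [ -n "$(find "$priv" \( -perm -004 -o -perm -002 -o -perm -001 \))" ]; then
            echo "WORLD-ACCESSIBLE $priv"; rc=1
        fi
    done
    [ $((ksk + zsk)) -gt 0 ] || { echo "NO-KEYS $zone"; rc=1; }
    echo "SUMMARY zone=$zone ksk=$ksk zsk=$zsk"
    return $rc
}
```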