To configure bind9 so that you can sign the zone with
rndc sign sics6.se; rndc freeze; rndc unfreeze;
in /etc/bind/named.conf.options:
options {
directory "/var/cache/bind";
key-directory "/etc/bind/dnssec";
...
};
in /etc/bind/named.conf.local:
include "/etc/bind/keys.conf";
include "/etc/bind/rndc.key";
controls {
inet 127.0.0.1 port 953
allow { 127.0.0.1; } keys { "rndc-key"; };
};
...
zone "sics6.se." IN {
type master;
file "/etc/bind/zones/sics6.se..signed";
allow-update { key lra.sics.se.; };
auto-dnssec allow;
};