DNSSEC

# Schedule retirement of an existing key: -I sets the inactivation time and
# -D the deletion time, given as offsets from now in seconds
# (+172800 = 2 days, +345600 = 4 days).
# NOTE(review): "+005+" in the file name is the algorithm number (5 = RSASHA1),
# while NSEC3RSASHA1 keys are numbered 007 -- this name looks like it came from
# a different key; substitute the file name dnssec-keygen actually printed.
dnssec-settime -I +172800 -D +345600 Kjanmg.com.+005+12332.key
# Generate a 2048-bit zone key pair for janmg.com in the current directory.
# NOTE(review): NSEC3RSASHA1 is SHA-1 based and RFC 8624 marks it NOT RECOMMENDED
# for signing; for new keys consider RSASHA256 or ECDSAP256SHA256.
dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE janmg.com
# Ask the local server for the A record with the DNSSEC (DO) bit set, so the
# RRSIG records are returned; +multiline prints them in readable form.
dig A janmg.com. @localhost +noadditional +dnssec +multiline

https://www.digitalocean.com/community/tutorials/how-to-setup-dnssec-on-an-authoritative-bind-dns-server--2 https://manager.linode.com/dns/domain%5Fslave/janmg%2Ecom

# Work in the key directory: dnssec-keygen writes the K*.key / K*.private pair
# to the current directory, and dnssec-signzone looks for keys there by default.
cd /var/bind/
# Zone-signing key (no -f flag), 4096-bit.
# NOTE(review): NSEC3RSASHA1 is SHA-1 based and RFC 8624 marks it NOT RECOMMENDED
# for signing; for new keys consider RSASHA256 or ECDSAP256SHA256.
dnssec-keygen -a NSEC3RSASHA1 -b 4096 -n ZONE janmg.com
# Retire an older key: inactive in 2 days (-I), deleted in 4 days (-D).
# NOTE(review): the "+005+" algorithm number does not match NSEC3RSASHA1 (007);
# use the key file name that belongs to the key being rolled out.
dnssec-settime -I +172800 -D +345600 Kjanmg.com.+005+12332.key
# Check what the local server currently answers, including RRSIGs.
dig A janmg.com. @localhost +noadditional +dnssec +multiline
# Key-signing key: -f KSK sets the KSK flag on the generated key.
dnssec-keygen -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE janmg.com
# Edit the zone file by hand -- presumably to $INCLUDE the new K*.key files, as
# in the linked tutorial; confirm against the zone file itself.
sudo vi /etc/bind/zone/janmg.com
sudo service named restart
# Sign the zone. -3 builds an NSEC3 chain with the given hex salt (here 16 hex
# characters derived from /dev/urandom), -A sets the NSEC3 opt-out flag,
# -N INCREMENT bumps the SOA serial in the signed output, -o names the zone
# origin and -t prints statistics. Output is written next to the input as
# janmg.com.signed.
# NOTE(review): RFC 9276 recommends an empty salt and zero extra iterations,
# and advises against opt-out except for very large delegation-heavy zones;
# confirm -A and the random salt are really wanted for this zone.
dnssec-signzone -A -3 $(head -c 1000 /dev/urandom | sha256sum | cut -b 1-16) -N INCREMENT -o janmg.com -t /etc/bind/zone/janmg.com
# Same signing run under sudo with -z added, which makes dnssec-signzone ignore
# the KSK flag when deciding what each key signs (every key signs every record).
sudo dnssec-signzone -A -3 $(head -c 1000 /dev/urandom | sha256sum | cut -b 1-16) -N INCREMENT -o janmg.com -z -t /etc/bind/zone/janmg.com
# Show the unsigned zone file that was used as input.
cat /etc/bind/zone/janmg.com
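# Bump the SOA serial in the unsigned zone file before re-signing, following
# the YYYYMMDDnn convention: if the current serial already starts with today's
# UTC date it is incremented by one, otherwise it becomes <today>01.
#
# The serial is taken from named-checkzone's output as the 10-digit number it
# prints. If the check fails, or the output does not contain exactly one such
# number, the zone file is left untouched instead of being edited with an
# empty or multi-line pattern.
SERIAL=$(/usr/sbin/named-checkzone janmg.com /etc/bind/zone/janmg.com | grep -Eo '[0-9]{10}')
DATE=$(date -u +"%Y%m%d")
if [[ ! $SERIAL =~ ^[0-9]{10}$ ]]; then
  printf 'could not read a 10-digit serial for janmg.com; zone file not modified\n' >&2
elif [[ $SERIAL == "$DATE"* ]]; then
  # Prefix match: the date must be at the start of the serial, not anywhere in it.
  # NOTE: sed replaces the first occurrence of these digits on every line of the
  # file; make sure the same 10 digits do not appear in any other record.
  sed -i "s/${SERIAL}/$((SERIAL + 1))/" /etc/bind/zone/janmg.com
else
  sed -i "s/${SERIAL}/${DATE}01/" /etc/bind/zone/janmg.com
fi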
# Hand the key files to the named user so the server can read them.
# NOTE(review): K* also matches the K*.private files; confirm they are readable
# by their owner only (for example mode 0600) after the ownership change.
chown named:named /var/bind/K*
# Not recursive: only the zone directory itself changes owner, not the files in it.
chown named:named /etc/bind/zone
# Follow the named log while the zone reloads to catch signing or loading errors.
tail -f /var/log/named/janmg.log 

# Produce the DS record(s) for the parent zone: -2 selects the SHA-256 digest and
# -f reads the DNSKEY records from the signed zone file rather than from a key file.
# The output is what gets entered at the registrar (presumably the DNSSEC page
# linked below -- confirm).
sudo dnssec-dsfromkey -2 -f /etc/bind/zone/janmg.com.signed janmg.com

https://account.dyn.com/dns/domain-registration/dnssec.html?name=janmg.com

# Same query as the earlier checks but without @localhost, so it goes through
# the system's configured resolver. Once the DS record is published, a
# validating resolver should return the RRSIGs and set the "ad" flag in the header.
dig A janmg.com. +noadditional +dnssec +multiline

https://dnssec-debugger.verisignlabs.com/janmg.com