How to setup DNSSEC on a BIND DNS server

Home > Search > How-to
  by

Make the following configurations in the /etc/named.conf file.

dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;

 

Move to the directory where your forward and reverse zone files are located, which is /var/named in this example, and create .key and .private files. Replace example.com with the name of the domain you want to secure. This should create the public and private key files, such as Kexample.com+005+34836.key and Kexample.com+005+34836.private.

[root@server1 ~]# cd /var/named/
[root@server1 ~]# dnssec-keygen -a RSASHA1 -b 2048 -n ZONE example.com

 

Append the public key to the forward zone file. Make sure you use >> and not >, so that you do not overwrite your zone file.

[root@server1 ~]# cat Kexample.com*.key >> forward.example.com.zone

 

Sign the zone file.

[root@server1 ~]# dnssec-signzone -e +3024000 -N INCREMENT example.com

 

Restart named.

[root@server1 ~]# service named restart

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter in the box below so that we can be sure you are a human.




Comments