Make the following configurations in the /etc/named.conf file.
dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto;
Move to the directory where your forward and reverse zone files are located, which is /var/named in this example, and create .key and .private files. Replace example.com with the name of the domain you want to secure. This should create the public and private key files, such as Kexample.com+005+34836.key and Kexample.com+005+34836.private.
[root@server1 ~]# cd /var/named/ [root@server1 ~]# dnssec-keygen -a RSASHA1 -b 2048 -n ZONE example.com
Append the public key to the forward zone file. Make sure you use >> and not >, so that you do not overwrite your zone file.
[root@server1 ~]# cat Kexample.com*.key >> forward.example.com.zone
Sign the zone file.
[root@server1 ~]# dnssec-signzone -e +3024000 -N INCREMENT example.com
[root@server1 ~]# service named restart