Bind Named DNS - Setup DNSSEC on a BIND DNS server
by
Jeremy Canfield |
Updated: August 05 2021
| Bind Named DNS articles
Make the following configurations in the /etc/named.conf file.
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
Move to the directory where your forward and reverse zone files are located, which is /var/named in this example, and create .key and .private files. Replace example.com with the name of the domain you want to secure. This should create the public and private key files, such as Kexample.com+005+34836.key and Kexample.com+005+34836.private.
[root@server1 ~]# cd /var/named/
[root@server1 ~]# dnssec-keygen -a RSASHA1 -b 2048 -n ZONE example.com
Append the public key to the forward zone file. Make sure you use >> and not >, so that you do not overwrite your zone file.
[root@server1 ~]# cat Kexample.com*.key >> forward.example.com.zone
Sign the zone file.
[root@server1 ~]# dnssec-signzone -e +3024000 -�N INCREMENT example.com
Restart named.
[root@server1 ~]# service named restart
Did you find this article helpful?
If so, consider buying me a coffee over at