Dnssec bind9: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| Zeile 13: | Zeile 13: | ||
=Key Signing Key (KSK) generieren= | =Key Signing Key (KSK) generieren= | ||
*'''cd /etc/bind/keys/''' | *'''cd /etc/bind/keys/''' | ||
| − | *'''dnssec-keygen -3 -a RSASHA512 -b 4096 -n ZONE | + | *'''dnssec-keygen -3 -a RSASHA512 -b 4096 -n ZONE -f KSK kit.lab''' |
Version vom 14. Februar 2023, 15:29 Uhr
Grundkonfiguration
- cat /etc/bind/named.conf.options
options {
directory "/var/cache/bind";
key-directory "/var/bind/keys";
dnssec-validation auto;
};
Verzeichnis erstellen
- mkdir -p /etc/bind/keys/
- chown -R bind:bind /etc/bind/keys/
Key Signing Key (KSK) generieren
- cd /etc/bind/keys/
- dnssec-keygen -3 -a RSASHA512 -b 4096 -n ZONE -f KSK kit.lab