Service/Nameservers: Difference between revisions
No edit summary |
No edit summary |
| Line 117: | Line 117: | ||
/etc/init.d/bind9 reload | /etc/init.d/bind9 reload | ||
sleep 3 | sleep 3 | ||
== DNSSEC details == | |||
=== How to create keys for a new domain === | |||
dnssec-keygen -r/dev/random -a RSASHA1 -b 1024 -n ZONE codewiz.org | |||
dnssec-keygen -r/dev/random -f KSK -a RSASHA1 -b 1280 -n ZONE codewiz.org | |||
=== How to manually sign a zone === | |||
=== How to validate zone data === | |||
* Validate zone data with dig: | |||
dig +dnssec +multiline -t ns codewiz.org. @localhost | grep ad | |||
* Validate zone data against domain DNSKEY: | |||
unbound-host -y 'codewiz.org. IN DNSKEY 256 3 5 AwEAAa3dS5/3fkGXuqXft2dN/UPUivGqiYzZF+jWcow8LTAnlsoYaJFB VMAlJWbC6FFI7AMjoJYpmoeDMgHd4BtVqZO2ikx5zc48CtOUHUdXs7nw fMSQoVOnplpTKH2AgyRfDqYhtosP0euyJQNZI+NiYneZb1o1Ys7PE87Y 7FamjXwV' -v codewiz.org | |||
* Validate zone data against domain DS key: | |||
unbound-host -y 'codewiz.org. IN DS 58126 5 2 96BF1964F3EA9885F5DE83DA14419F55F579A42BC18759C1B79BDE64 7587CFA8' -v codewiz.org | |||
* Validate zone data against root DNSKEY: | |||
unbound-host -y '. DNSKEY 257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq QxA+Uk1ihz0=' -v codewiz.org | |||
* Validate zone data online: | |||
http://secspider.cs.ucla.edu/codewiz-org--zone.html | |||
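Review bot: The two dnssec-keygen lines under "How to create keys for a new domain" generate RSASHA1 keys at 1024 bits (ZSK) and 1280 bits (KSK); SHA-1 based DNSSEC algorithms are no longer recommended for signing and both sizes are short for RSA, so I would switch the examples to `-a RSASHA256` with at least a 2048-bit KSK, or to `-a ECDSAP256SHA256`, and label which command produces the ZSK and which the KSK. The "How to manually sign a zone" heading is added with no body, so either fill it in or leave it out of this revision. In the dig check, `grep ad` matches any output line containing "ad", including base64 in the RRSIG records that `+dnssec` prints, so it can succeed without the AD flag being set; matching the flags line (for example `grep 'flags:.* ad'`) is tighter. The DNSKEY and DS values pasted into the unbound-host commands will go stale at the next key rollover, so a sentence on where to fetch the current ones would keep the section usable.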