Blame
Date: Tue Jan 3 05:00:22 2023 UTC
Message: Daily backup
11
2022-04-02
text=(:title Configuring DNSSEC for NSD:)%0a%0aThis guide assumes you are providing DNS for your domain through NSD.%0a%0aFirst step is to install ldns-utils package by NLnet Labs%0a%0a[@%0a# pkg_add ldns-utils%0a@]%0a%0aWe then need to generate zone signing keys and key signing keys%0a%0a[@%0a# mkdir /var/nsd/zsks%0a# mkdir /var/nsd/ksks%0a# cd /var/nsd/zsks && ldns-keygen -a ECDSAP384SHA384 domain.com%0a# cd /var/nsd/ksks && ldns-keygen -k -a ECDSAP384SHA384 domain.com%0a@]%0a%0aSign the zone with the ZSK and KSK and also enabling NSEC3. When generating the keys there will be specific numbers generated as part of the filename including your domain. When running the command ldns-signzone you will need to use the whole filename up to the period (.). See ldns-signzone(1) for more details.%0a%0a[@%0a# cd /var/nsd/zones/master%0a# ldns-signzone -n -o domain.com %3czone-file> ../../zsks/Kdomain.comXXX ../../ksks/Kdomain.comXXX%0a@]%0a%0aThis will generate a new zone file with the extension '.signed'. In this example the file would be called domain.com.signed.%0a%0aUpdate nsd.conf to point to the new zone file and restart nsd. Check /var/log/messages for any errors.%0a%0aAt this point the final step is to login to your registrar to update the glue records. This is specific to each registrar. You will need the information in your ksks/*.ds file to copy/paste into the registrar.%0a%0aTest if DNSSEC is working by typing your domain into https://dnssec-analyzer.verisignlabs.com/
15
2022-04-02
diff:1642128803:1641938878:=24c24%0a%3c # ldns-signzone -n -o domain.com %3czone-file> ../../zsks/Kdomain.comXXX ../../ksks/Kdomain.comXXX%0a---%0a> # ldns-signzone -n -o domain.com ../../zsks/Kdomain.comXXX ../../ksks/Kdomain.comXXX%0a
18
2022-04-02
diff:1641938878:1641755435:=3,4c3,4%0a%3c This guide assumes you are providing DNS for your domain through NSD.%0a%3c %0a---%0a> What is DNSSEC? XXX%0a> %0a8,33c8,9%0a%3c # pkg_add ldns-utils%0a%3c @]%0a%3c %0a%3c We then need to generate zone signing keys and key signing keys%0a%3c %0a%3c [@%0a%3c # mkdir /var/nsd/zsks%0a%3c # mkdir /var/nsd/ksks%0a%3c # cd /var/nsd/zsks && ldns-keygen -a ECDSAP384SHA384 domain.com%0a%3c # cd /var/nsd/ksks && ldns-keygen -k -a ECDSAP384SHA384 domain.com%0a%3c @]%0a%3c %0a%3c Sign the zone with the ZSK and KSK and also enabling NSEC3. When generating the keys there will be specific numbers generated as part of the filename including your domain. When running the command ldns-signzone you will need to use the whole filename up to the period (.). See ldns-signzone(1) for more details.%0a%3c %0a%3c [@%0a%3c # cd /var/nsd/zones/master%0a%3c # ldns-signzone -n -o domain.com ../../zsks/Kdomain.comXXX ../../ksks/Kdomain.comXXX%0a%3c @]%0a%3c %0a%3c This will generate a new zone file with the extension '.signed'. In this example the file would be called domain.com.signed.%0a%3c %0a%3c Update nsd.conf to point to the new zone file and restart nsd. Check /var/log/messages for any errors.%0a%3c %0a%3c At this point the final step is to login to your registrar to update the glue records. This is specific to each registrar. You will need the information in your ksks/*.ds file to copy/paste into the registrar.%0a%3c %0a%3c Test if DNSSEC is working by typing your domain into https://dnssec-analyzer.verisignlabs.com/%0a\ No newline at end of file%0a---%0a> pkg_add ldns-utils%0a> @]%0a\ No newline at end of file%0a
21
2022-04-02
diff:1641755435:1641755215:=3,6c3,4%0a%3c What is DNSSEC? XXX%0a%3c %0a%3c First step is to install ldns-utils package by NLnet Labs%0a%3c %0a---%0a> tbd%0a> %0a8c6%0a%3c pkg_add ldns-utils%0a---%0a> some command%0a
24
2022-04-02
diff:1641755215:1641755215:=1,7d0%0a%3c (:title Configuring DNSSEC for NSD:)%0a%3c %0a%3c tbd%0a%3c %0a%3c [@%0a%3c some command%0a%3c @]%0a\ No newline at end of file%0a
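Review bot: The registrar paragraph in the 1641938878 revision says to "update the glue records" but then points the reader at the ksks/*.ds file. That file carries the DS record for the key signing key, which is what the parent zone needs for the chain of trust, whereas glue records are the address records for the name servers. Suggest rewording to "add the DS record at your registrar". The same revision ends at the one-time signing step: the guide has no line about re-running ldns-signzone before the signatures in domain.com.signed expire, and it says nothing about the permissions on /var/nsd/zsks and /var/nsd/ksks, which hold the private keys. Both deserve a sentence.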