
DNSSEC on BIND Featured

  • Posted on:  Tuesday, 18 August 2020 09:32
  • Written by 

Cấu hình DNSSEC trên Master

Lưu ý: Do named chạy bằng user named nên thư mục example phải thuộc sở hữu của user này: chown named:named /var/named/example

[root@BindMaster bind-9.11.17]# cd /var/named/example/

[root@BindMaster example]# dnssec-keygen -r /dev/urandom -a rsasha256 -b 1024 example.com

Generating key pair.......++++++ ..........................++++++

Kexample.com.+008+14310

[root@BindMaster example]#

 

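Sau khi tạo key xong, cũng phải chown các key cho user named; file .private chứa khóa bí mật, chỉ nên để user named đọc được (quyền 0600). Lưu ý thêm: khóa RSA 1024 bit (-b 1024) ở lệnh trên chỉ nên dùng cho môi trường lab; với zone thật nên dùng -b 2048 hoặc thuật toán ECDSAP256SHA256.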

# chown named:named /var/named/example/*.*

Sau đó sửa cấu hình zone example.com trong file named.conf, kiểm tra cú pháp bằng named-checkconf rồi khởi động lại named

zone "example.com" IN {

            type master;

            auto-dnssec maintain;

            inline-signing yes;

            key-directory "/var/named/example";

            file "example.com";

            allow-transfer {key "examplekey"; };

            };

include "/etc/named.rfc1912.zones";

#include "/etc/named.root.key";

[root@BindMaster example]#

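###########Kiểm tra############

Lưu ý: Truy vấn thẳng vào máy chủ authoritative với +dnssec chỉ cho thấy zone đã được ký (có bản ghi RRSIG trong câu trả lời); kết quả bên dưới không có cờ ad, tức là chưa có bước xác thực chữ ký nào. Để resolver bên ngoài xác thực được, cần đưa bản ghi DS của zone lên zone cha.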

[root@BindMaster example]# dig @192.168.55.107 example.com +dnssec

 

; <<>> DiG 9.11.17 <<>> @192.168.55.107 example.com +dnssec

; (1 server found)

;; global options: +cmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52779

;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 3, ADDITIONAL: 5

 

;; OPT PSEUDOSECTION:

; EDNS: version: 0, flags: do; udp: 4096

; COOKIE: 8a26639f43283a65dec5588b5ef58eb74a8062f8cd4a0ecb (good)

;; QUESTION SECTION:

;example.com.                                  IN           A

 

;; ANSWER SECTION:

example.com.                    86400    IN           A             66.228.45.214

example.com.                    86400    IN           RRSIG    A 8 2 86400 20200717011919 20200626045846 14310 example.com. ia7CALhqUYMc4/XaTvt2JHzRczsQZ3VEG1v/a85j/Tm7llV1Wwovh5w6 MrH6XfsdCoOoQ8z/bqsIvSxgXDsIZOFadvFuCipOnEE4leRQ+41uLPeR BV2Y9LkDW49oY6nw1oeRoL3gzM8zWYpXd6Slkje3mxR4ySGTpL75ng6J 3Iw=

 

;; AUTHORITY SECTION:

example.com.                    86400    IN           NS          ns1.example.com.

example.com.                    86400    IN           NS          ns2.example.com.

example.com.                    86400    IN           RRSIG    NS 8 2 86400 20200717011919 20200626045846 14310 example.com. G2ObC4BvotjGZLdsp36Qqx/i6GGBI0sXJN2ljHAWxgRjHfFUlG5ZRYca Cg0pg8xXxZmaOeWeWYBAj+ppr7Qoks7dR+NieNw25wQ1Q8mBZUUf3tqe jPNboPRMMYDTX/8S+B59zslievN2/RAi8RgOPWKD9d0jRwQ++GgNWR15 jzs=

 

;; ADDITIONAL SECTION:

ns1.example.com.             86400    IN           A             192.168.0.107

ns2.example.com.             86400    IN           A             66.228.45.214

ns1.example.com.             86400    IN           RRSIG    A 8 3 86400 20200717011919 20200626045846 14310 example.com. vvlBCmkGyiwiDitEBOZrdpg1iQk31rP3/CH+nRdCF398Bi5TsSQqSfx5 8uJmaJ7W6BkaU2B3SOpFx/v+6Ubx7TloznIg8JkZ5BXuhqcufahWyl0u LyRSvilfFHgpR48yWtxjXelDehckiZ4BiLt68F21n2ork8oHTQhkC0v/ B0Q=

ns2.example.com.             86400    IN           RRSIG    A 8 3 86400 20200704024225 20200626045846 14310 example.com. qywvDNLZixrKmzMdD0inthOMHakL/s1odP2p+YMXX4fVaveTBJZZo1Yz i4u9wjzixysxuzA6cRPJuqI9AnAFyUQndblUy8CYsBTmRtkGmRGDGZPM bqv90Okr/ukATGxbchoRfEo7GXLb0LfE16unV1wgUVqhrQJmWTboAnRS qQo=

 

;; Query time: 0 msec

;; SERVER: 192.168.55.107#53(192.168.55.107)

;; WHEN: Fri Jun 26 12:59:19 +07 2020

;; MSG SIZE  rcvd: 836

 

#####################

 

[root@NSD02 var]# more /etc/nsd/example.com.zone
$ORIGIN example.com.    ; default zone domain
$TTL 86400           ; default time to live

@ IN SOA ns1 hostmaster.example.com. ( ; hostmaster.example.com. is a placeholder: the original RNAME was replaced by the site's e-mail obfuscation
           2012082703  ; serial number
           28800       ; Refresh
           14400        ; Retry
           864000      ; Expire
           86400       ; Min TTL
           )

           NS      ns1.example.com.
           NS      ns2.example.com.
           MX      10 mail.example.com.

mail       IN     A    66.228.45.214
www        IN     A    66.228.45.214
ns1              IN     A    192.168.0.107
ns2              IN     A    66.228.45.214
*                  IN     A    66.228.45.214
@                IN     A    66.228.45.214

Read 141 times Last modified on Tuesday, 18 August 2020 10:26
