Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
opennic:dnssec [2018-04-16T19:49:31Z] – created jonaharagon | opennic:dnssec [2022-01-22T16:55:23Z] (current) – Add Unbound configuration Jeremy | ||
---|---|---|---|
Line 39: | Line 39: | ||
> | > | ||
> < | > < | ||
- | dig DNSKEY . @45.56.116.224 +short | + | dig DNSKEY . @195.201.99.61 +short |
</ | </ | ||
> < | > < | ||
Line 72: | Line 72: | ||
4. Restart BIND: '' | 4. Restart BIND: '' | ||
+ | |||
+ | ==== PowerDNS Recursor ==== | ||
+ | |||
+ | Create ''/ | ||
+ | |||
+ | <file lua config.lua> | ||
+ | addDS(' | ||
+ | </ | ||
+ | |||
+ | Add the following lines to ''/ | ||
+ | |||
+ | < | ||
+ | lua-config-file=/ | ||
+ | dnssec=log-fail | ||
+ | </ | ||
+ | |||
+ | Note that this will validate correctly, but will only log bogus domains instead of returning '' | ||
+ | |||
+ | Restart PowerDNS: '' | ||
==== dnsmasq ==== | ==== dnsmasq ==== | ||
Line 82: | Line 101: | ||
trust-anchor=., | trust-anchor=., | ||
</ | </ | ||
+ | |||
+ | ==== Unbound ==== | ||
+ | |||
+ | 1. Generate the ''/ | ||
+ | |||
+ | < | ||
+ | dig @195.201.99.61 . DNSKEY | dnssec-dsfromkey -2 -f - . > / | ||
+ | </ | ||
+ | |||
+ | 2. Edit ''/ | ||
+ | |||
+ | < | ||
+ | auto-trust-anchor-file: | ||
+ | </ | ||
+ | |||
+ | 3. Restart Unbound: '' | ||
===== Testing DNSSEC ===== | ===== Testing DNSSEC ===== |