opennic:dnssec

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
opennic:dnssec [2021-03-20T16:36:50Z] – Updated root server IP Shdwdrgnopennic:dnssec [2022-01-22T16:55:23Z] (current) – Add Unbound configuration Jeremy
Line 101: Line 101:
 trust-anchor=.,47089,8,2,6d81988a88bd546e429486cc0a97518f90f9fc6c6c6b7e5bc2788469858c7324 trust-anchor=.,47089,8,2,6d81988a88bd546e429486cc0a97518f90f9fc6c6c6b7e5bc2788469858c7324
 </code> </code>
 +
 +==== Unbound ====
 +
 +1. Generate the ''/etc/unbound/opennic.dnskey'' file:
 +
 +<code>
 +dig @195.201.99.61 . DNSKEY | dnssec-dsfromkey -2 -f - . > /etc/unbound/opennic.dnskey
 +</code>
 +
 +2. Edit ''/etc/unbound/unbound.conf'' and set the attribute ''auto-trust-anchor-file'' with the ''opennic.dnskey'' file:
 +
 +<code>
 +auto-trust-anchor-file: "opennic.dnskey"
 +</code>
 +
 +3. Restart Unbound: ''systemctl restart unbound''
  
 ===== Testing DNSSEC ===== ===== Testing DNSSEC =====
  • /wiki/data/pages/opennic/dnssec.txt
  • Last modified: 2 years ago
  • by Jeremy