This shows you the differences between two versions of the page.

Link to this comparison view

opennic:dnssec [2018-04-16T19:49:31Z]
jonaharagon created
opennic:dnssec [2018-04-18T23:28:38Z] (current)
jonaharagon add powerdns
Line 72: Line 72:
 4. Restart BIND: ''systemctl restart bind9'' 4. Restart BIND: ''systemctl restart bind9''
 +==== PowerDNS Recursor ====
 +Create ''/etc/powerdns/config.lua'' with the following content:
 +<file lua config.lua>
 +addDS('.', "47089 8 2 6D81988A88BD546E429486CC0A97518F90F9FC6C6C6B7E5BC2788469858C7324")
 +Add the following lines to ''/etc/powerdns/recursor.conf'':
 +Note that this will validate correctly, but will only log bogus domains instead of returning ''SERVFAIL''. This is fine in the DNSSEC testing period, but for full DNSSEC compliance, ''dnssec'' should be changed from ''log-fail'' to ''validate''.
 +Restart PowerDNS: ''systemctl restart pdns-recursor''
 ==== dnsmasq ==== ==== dnsmasq ====
  • /wiki/data/pages/opennic/dnssec.txt
  • Last modified: 3 years ago
  • by jonaharagon