opennic:dnssec

Differences

This shows you the differences between two versions of the page.

opennic:dnssec [2018-04-16T19:49:31Z] – created jonaharagon
opennic:dnssec [2018-04-18T23:28:38Z] – add powerdns jonaharagon
Line 72: Line 72:
  
 4. Restart BIND: ''systemctl restart bind9'' 4. Restart BIND: ''systemctl restart bind9''
 +
 +==== PowerDNS Recursor ====
 +
 +Create ''/etc/powerdns/config.lua'' with the following content:
 +
 +<file lua config.lua>
 +addDS('.', "47089 8 2 6D81988A88BD546E429486CC0A97518F90F9FC6C6C6B7E5BC2788469858C7324")
 +</file>
 +
 +Add the following lines to ''/etc/powerdns/recursor.conf'':
 +
 +<code>
 +lua-config-file=/etc/powerdns/config.lua
 +dnssec=log-fail
 +</code>
 +
 +Note that this will validate correctly, but will only log bogus domains instead of returning ''SERVFAIL''. This is fine in the DNSSEC testing period, but for full DNSSEC compliance, ''dnssec'' should be changed from ''log-fail'' to ''validate''.
 +
 +Restart PowerDNS: ''systemctl restart pdns-recursor''
  
 ==== dnsmasq ==== ==== dnsmasq ====
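
Review bot: The trust anchor in the addDS('.', ...) line of config.lua is pasted as a bare DS record with no indication of where it comes from or how to check it, so a reader cannot tell a correct digest from a mistyped or stale one. Add a sentence naming the key it belongs to (key tag 47089, algorithm 8, digest type 2) and pointing to the authoritative published copy, and say that config.lua has to be updated when that key is rolled. Because dnssec=log-fail only logs bogus domains and still answers them, the closing note could also tell operators to review that log before switching to validate. As a style point, these steps are unnumbered while the BIND section just above ends with a numbered "4. Restart BIND" step; numbering them would keep the page consistent.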
  • /wiki/data/pages/opennic/dnssec.txt
  • Last modified: 2 years ago
  • by Jeremy