opennic:dnssec

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
opennic:dnssec [2018-04-18T23:28:38Z] – add powerdns jonaharagonopennic:dnssec [2022-01-22T16:55:23Z] (current) – Add Unbound configuration Jeremy
Line 39: Line 39:
 > >
 > <code> > <code>
-dig DNSKEY . @45.56.116.224 +short+dig DNSKEY . @195.201.99.61 +short
 </code> </code>
 > <code> > <code>
Line 101: Line 101:
 trust-anchor=.,47089,8,2,6d81988a88bd546e429486cc0a97518f90f9fc6c6c6b7e5bc2788469858c7324 trust-anchor=.,47089,8,2,6d81988a88bd546e429486cc0a97518f90f9fc6c6c6b7e5bc2788469858c7324
 </code> </code>
 +
 +==== Unbound ====
 +
 +1. Generate the ''/etc/unbound/opennic.dnskey'' file:
 +
 +<code>
 +dig @195.201.99.61 . DNSKEY | dnssec-dsfromkey -2 -f - . > /etc/unbound/opennic.dnskey
 +</code>
 +
 +2. Edit ''/etc/unbound/unbound.conf'' and set the attribute ''auto-trust-anchor-file'' with the ''opennic.dnskey'' file:
 +
 +<code>
 +auto-trust-anchor-file: "opennic.dnskey"
 +</code>
 +
 +3. Restart Unbound: ''systemctl restart unbound''
  
 ===== Testing DNSSEC ===== ===== Testing DNSSEC =====
  • /wiki/data/pages/opennic/dnssec.txt
  • Last modified: 2 years ago
  • by Jeremy