opennic:dnssec

Differences

This shows you the differences between two versions of the page.

opennic:dnssec [2018-04-16T19:49:31Z]
jonaharagon created
opennic:dnssec [2021-03-20T16:36:50Z] (current)
Shdwdrgn Updated root server IP
Line 39: Line 39:
 > >
 > <code> > <code>
-dig DNSKEY . @45.56.116.224 +short+dig DNSKEY . @195.201.99.61 +short
 </code> </code>
 > <code> > <code>
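Review bot: The updated `dig DNSKEY . @195.201.99.61 +short` line still fetches the root key over plain DNS from a single hard-coded address, so whatever answers at that IP defines the trust anchor the reader installs. The address has already had to be changed once (from 45.56.116.224), so I would name the server this IP belongs to next to the command, and tell readers to run the same query against a second root server and compare the output before using the key.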
Line 72: Line 72:
  
 4. Restart BIND: ''systemctl restart bind9'' 4. Restart BIND: ''systemctl restart bind9''
 +
 +==== PowerDNS Recursor ====
 +
 +Create ''/etc/powerdns/config.lua'' with the following content:
 +
 +<file lua config.lua>
 +addDS('.', "47089 8 2 6D81988A88BD546E429486CC0A97518F90F9FC6C6C6B7E5BC2788469858C7324")
 +</file>
 +
 +Add the following lines to ''/etc/powerdns/recursor.conf'':
 +
 +<code>
 +lua-config-file=/etc/powerdns/config.lua
 +dnssec=log-fail
 +</code>
 +
 +Note that this will validate correctly, but will only log bogus domains instead of returning ''SERVFAIL''. This is fine in the DNSSEC testing period, but for full DNSSEC compliance, ''dnssec'' should be changed from ''log-fail'' to ''validate''.
 +
 +Restart PowerDNS: ''systemctl restart pdns-recursor''
  
 ==== dnsmasq ==== ==== dnsmasq ====
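Review bot: In the recursor.conf block, `dnssec=log-fail` is the value readers will copy, and with it bogus answers are still returned to clients; the caveat only appears in the paragraph after the block. Suggest putting `dnssec=validate` in the block and mentioning `log-fail` as the temporary testing option, or at least moving the warning above the block. The DS value in config.lua (key tag 47089) is also given with no step for checking it against the DNSKEY fetched by the `dig DNSKEY .` command earlier on the page, and the new section drops the numbered-step style used for BIND ("4. Restart BIND").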
  • /wiki/data/attic/opennic/dnssec.1523908171.txt.gz
  • Last modified: 4 years ago
  • by jonaharagon