Differences

This shows you the differences between two versions of the page.

opennic:dnssec [2018-04-16T19:49:31Z]
jonaharagon created
opennic:dnssec [2018-04-18T23:28:38Z] (current)
jonaharagon add powerdns
Line 72: Line 72:
  
 4. Restart BIND: ''​systemctl restart bind9''​ 4. Restart BIND: ''​systemctl restart bind9''​
 +
 +==== PowerDNS Recursor ====
 +
 +Create ''/​etc/​powerdns/​config.lua''​ with the following content:
 +
 +<file lua config.lua>​
 +addDS('​.',​ "47089 8 2 6D81988A88BD546E429486CC0A97518F90F9FC6C6C6B7E5BC2788469858C7324"​)
 +</​file>​
 +
 +Add the following lines to ''/​etc/​powerdns/​recursor.conf'':​
 +
 +<​code>​
 +lua-config-file=/​etc/​powerdns/​config.lua
 +dnssec=log-fail
 +</​code>​
 +
 +Note that this will validate correctly, but will only log bogus domains instead of returning ''​SERVFAIL''​. This is fine in the DNSSEC testing period, but for full DNSSEC compliance, ''​dnssec''​ should be changed from ''​log-fail''​ to ''​validate''​.
 +
 +Restart PowerDNS: ''​systemctl restart pdns-recursor''​
  
 ==== dnsmasq ==== ==== dnsmasq ====
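
Review bot: The recursor.conf block sets ''dnssec=log-fail'', so a resolver configured by copying these steps still returns bogus answers to clients, and the only warning is in the note below the block. Consider showing ''dnssec=validate'' in the block and describing ''log-fail'' as the temporary setting for the testing period, or at least moving the caveat above the block so it is read before the lines are copied. The DS record passed to ''addDS'' is also given with no pointer to where its key tag and digest can be checked, so a reader cannot confirm the trust anchor independently; a link or a one-line reference to the authoritative source would help. Lastly, the steps end at the restart with no check that the anchor loaded and validation is active, which would be worth a final step.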
  • /wiki/data/pages/opennic/dnssec.txt
  • Last modified: 8 months ago
  • by jonaharagon