This shows you the differences between two versions of the page.

Link to this comparison view

opennic:dnssec [2018-04-16T19:49:31Z]
jonaharagon created
opennic:dnssec [2018-04-18T23:28:38Z] (current)
jonaharagon add powerdns
Line 72: Line 72:
 4. Restart BIND: ''​systemctl restart bind9''​ 4. Restart BIND: ''​systemctl restart bind9''​
 +==== PowerDNS Recursor ====
 +Create ''/​etc/​powerdns/​config.lua''​ with the following content:
 +<file lua config.lua>​
 +addDS('​.',​ "47089 8 2 6D81988A88BD546E429486CC0A97518F90F9FC6C6C6B7E5BC2788469858C7324"​)
 +Add the following lines to ''/​etc/​powerdns/​recursor.conf'':​
 +Note that this will validate correctly, but will only log bogus domains instead of returning ''​SERVFAIL''​. This is fine in the DNSSEC testing period, but for full DNSSEC compliance, ''​dnssec''​ should be changed from ''​log-fail''​ to ''​validate''​.
 +Restart PowerDNS: ''​systemctl restart pdns-recursor''​
 ==== dnsmasq ==== ==== dnsmasq ====
  • /wiki/data/pages/opennic/dnssec.txt
  • Last modified: 12 months ago
  • by jonaharagon