systemd-resolve-daemon

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
systemd-resolve-daemon [2026-04-16T15:41:47Z] joestr1systemd-resolve-daemon [2026-05-10T08:34:54Z] (current) – use delegation signer (DS) instead of DNSKEY joestr1
Line 31: Line 31:
   mkdir -p /etc/dnssec-trust-anchors.d/   mkdir -p /etc/dnssec-trust-anchors.d/
      
-Get the DNSKEY for the "." root zone:+Get the DS record for the DNSKEY for the "." root zone:
  
-  dig DNSKEY . @127.0.0.1 +noall +answer +  dig @195.201.99.61 . DNSKEY | dnssec-dsfromkey -2 -f - > /etc/dnssec-trust-anchors.d/opennic.positive
-   +
-Now we have to input those key into a new file:+
  
-  touch /etc/dnssec-trust-anchors.d/opennic.positive +Now restart the resolver:
-   +
-Insert the queries DNSKEYs into this file.+
  
-After that remove the TTL (Time-To-Live) value between ''.'' and ''IN''.+  systemctl restart systemd-resolved.service
  
 After this, we can resolve a query with DNSSEC and DoT: After this, we can resolve a query with DNSSEC and DoT:
  • /wiki/data/pages/systemd-resolve-daemon.txt
  • Last modified: 4 weeks ago
  • by joestr1