Ежемесячные архивы: Октябрь 2018

Named & DNSSEC


root@mx2/usr/local/etc> cd namedb/
root@mx2/usr/local/etc/namedb> ls -l
total 154
-rw-r--r-- 1 root wheel 2761 30 сент. 04:48 bind.keys
drwxr-xr-x 2 bind bind 2 4 нояб. 2016 dynamic
drwxr-xr-x 2 root wheel 9 4 окт. 13:42 master
-rw-r--r-- 1 root wheel 23811 6 марта 2018 named.conf
-rw-r--r-- 1 root wheel 21682 30 сент. 04:48 named.conf.sample
-rw-r--r-- 1 root wheel 3402 30 сент. 04:48 named.root
-rw-r--r-- 1 root wheel 868 30 сент. 04:48 rndc.conf.sample
-rw------- 1 bind wheel 97 1 дек. 2016 rndc.key
drwxr-xr-x 2 bind bind 2 4 нояб. 2016 slave
drwxr-xr-x 2 bind bind 4 4 окт. 13:42 working
root@mx2/usr/local/etc/namedb> mkdir keys
root@mx2/usr/local/etc/namedb> chown bind:bind keys/

root@mx2/usr/local/etc/namedb> cd keys/
root@mx2/usr/local/etc/namedb/keys> dnssec-keygen -f KSK -a RSASHA1 -b 2048 -n ZONE sat-expert.com
Generating key pair..................................+++ .....+++
Ksat-expert.com.+005+62341
root@mx2/usr/local/etc/namedb/keys> ls -l
total 18
-rw-r--r-- 1 root bind 611 26 окт. 09:24 Ksat-expert.com.+005+62341.key
-rw------- 1 root bind 1774 26 окт. 09:24 Ksat-expert.com.+005+62341.private

root@mx2/usr/local/etc/namedb/keys> chown bind:bind *
root@mx2/usr/local/etc/namedb/keys> ls -l
total 18
-rw-r--r-- 1 bind bind 611 26 окт. 09:24 Ksat-expert.com.+005+62341.key
-rw------- 1 bind bind 1774 26 окт. 09:24 Ksat-expert.com.+005+62341.private
root@mx2/usr/local/etc/namedb/keys>

root@mx2/usr/local/etc/namedb/keys> dnssec-keygen -a RSASHA1 -b 2048 -n ZONE sat-expert.com
Generating key pair.......+++ ..........+++
Ksat-expert.com.+005+09855
root@mx2/usr/local/etc/namedb/keys>
root@mx2/usr/local/etc/namedb/keys>
root@mx2/usr/local/etc/namedb/keys>
root@mx2/usr/local/etc/namedb/keys>
root@mx2/usr/local/etc/namedb/keys> ls -l
total 36
-rw-r--r-- 1 root bind 611 26 окт. 09:28 Ksat-expert.com.+005+09855.key
-rw------- 1 root bind 1774 26 окт. 09:28 Ksat-expert.com.+005+09855.private
-rw-r--r-- 1 bind bind 611 26 окт. 09:24 Ksat-expert.com.+005+62341.key
-rw------- 1 bind bind 1774 26 окт. 09:24 Ksat-expert.com.+005+62341.private
root@mx2/usr/local/etc/namedb/keys>
root@mx2/usr/local/etc/namedb/keys> chown bind:bind *
root@mx2/usr/local/etc/namedb/keys>

root@mx2/usr/local/etc/namedb/keys> dnssec-dsfromkey Ksat-expert.com.+005+62341
sat-expert.com. IN DS 62341 5 1 3CC84FB07C5612D4689D047400AF16B95BCB8E26
sat-expert.com. IN DS 62341 5 2 FD2D55BF60B8AC0808751E2CDAC8123F3748F05F7C9190BB21A24C3ED5BB416F
root@mx2/usr/local/etc/namedb/keys>

dig sat-expert.com +dnssec

dig +dnssec -t any @a.gtld-servers.net sat-expert.com.