Bind 9 prob

Jim Reid jim at
Thu Mar 8 16:14:46 UTC 2001

>>>>> "Lye" == Lye  <sze4041 at> writes:

    Lye> Hi,all What is the procedure to create a signed file ?

    Lye> Is this procedure correct :

    Lye> 1. Use dnssec-keygen (to generate keys) 
    Lye> 2. Use dnssec-signzone(to sign the zones)

Nearly. Step 1.1 is to add the KEY records generated from step 1 to
the unsigned zone file. This could be done by editing the file or by
means of a $INCLUDE directive. Read the man pages for dnssec-keygen
and dnssec-signzone. Step 1.2 would be to run dnssec-makekeyset, get
the parent zone to sign those keys and incorporate those signatures
into the zone file prior to signing. This step only applies if the
parent zone is DNSSEC-aware.

BTW the process of zone signing is documented in the BIND9
Administrator's Reference Manual.

More information about the bind-users mailing list