Bind 9 prob
Jim Reid
jim at rfc1035.com
Thu Mar 8 16:14:46 UTC 2001
>>>>> "Lye" == Lye <sze4041 at singnet.com.sg> writes:
Lye> Hi,all What is the procedure to create a signed file ?
Lye> Is this procedure correct :
Lye> 1. Use dnssec-keygen (to generate keys)
Lye> 2. Use dnssec-signzone(to sign the zones)
Nearly. Step 1.1 is to add the KEY records generated from step 1 to
the unsigned zone file. This could be done by editing the file or by
means of a $INCLUDE directive. Read the man pages for dnssec-keygen
and dnssec-signzone. Step 1.2 would be to run dnssec-makekeyset, get
the parent zone to sign those keys and incorporate those signatures
into the zone file prior to signing. This step only applies if the
parent zone is DNSSEC-aware.
BTW the process of zone signing is documented in the BIND9
Administrator's Reference Manual.
More information about the bind-users
mailing list