DNSSEC - many doubts
dot at dotat.at
Thu Apr 2 16:23:45 UTC 2020
David Alexandre M. de Carvalho <david at di.ubi.pt> wrote:
A few hints and tips...
> my named.conf already has the following:
> dnssec-enable yes;
You don't need this because it's on by default :-)
> dnssec-lookaside auto;
You want to remove this because the DNSSEC lookaside validation service
has been decommissioned.
> bindkeys-file "/etc/named.iscdlv.key";
I prefer not to configure this or install the file, instead relying on
BIND's compiled-in copy because that means one less thing to maintain.
> 2) I have one global "hosts" file and 3 reverse zone files, each for the
> respective IP network. Can I use the same Keypair in all of them?
Each zone should have its own zsk and ksk (two K*.key and K*.private files
for each zone).
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Mull of Galloway to Mull of Kintyre including the Firth of Clyde and North
Channel: Northwesterly 4 to 6 backing westerly 3 to 5, then southwesterly 2 to
4 later. Smooth or slight in far north, but elsewhere slight or moderate.
Showers, wintry at first. Good, occasionally moderate.
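
An added example, not part of the original message and not code from BIND: a small Python check that applies the advice above, flagging the three named.conf options discussed and reporting any zone that lacks its own KSK or ZSK. The sample named.conf, zone names and key file contents are constructed, and the function names are hypothetical.

```python
import re

# Advice from the reply above, keyed by named.conf option name.
ADVICE = {
    "dnssec-enable": "not needed: on by default",
    "dnssec-lookaside": "remove: the DLV service has been decommissioned",
    "bindkeys-file": "optional: the reply prefers BIND's compiled-in copy",
}
# dnssec-keygen file naming: K<zone>.+<alg>+<keytag>.key
KEY_NAME = re.compile(r"^K(?P<zone>.+)\.\+\d{3}\+\d{5}\.key$")

def lint_named_conf(text):
    """Return (line number, option, advice) for each option the reply mentions."""
    found = []
    for no, line in enumerate(text.splitlines(), 1):
        m = re.match(r"\s*([a-z-]+)\b", line)  # commented-out lines do not match
        if m and m.group(1) in ADVICE:
            found.append((no, m.group(1), ADVICE[m.group(1)]))
    return found

def missing_keys(zones, key_files):
    """Map each zone lacking its own KSK or ZSK to the roles it is missing."""
    roles = {}
    for name, body in key_files.items():
        m = KEY_NAME.match(name)
        for line in body.splitlines() if m else ():
            fields = line.split()
            if line.startswith(";") or "DNSKEY" not in fields:
                continue
            flags = int(fields[fields.index("DNSKEY") + 1])
            # DNSKEY flags 257 (SEP bit set) mark a KSK, 256 a ZSK.
            role = "KSK" if flags & 1 else "ZSK"
            roles.setdefault(m["zone"].lower(), set()).add(role)
    gaps = {z: sorted({"KSK", "ZSK"} - roles.get(z.lower(), set())) for z in zones}
    return {z: g for z, g in gaps.items() if g}

# Constructed sample input: the quoted options plus placeholder key material.
SAMPLE_CONF = '''options {
    directory "/var/named";
    dnssec-enable yes;
    dnssec-lookaside auto;
    bindkeys-file "/etc/named.iscdlv.key";
};
'''
SAMPLE_ZONES = ["example.org", "2.0.192.in-addr.arpa", "100.51.198.in-addr.arpa"]
SAMPLE_KEYS = {
    "Kexample.org.+013+11111.key": "example.org. IN DNSKEY 257 3 13 AAAA\n",
    "Kexample.org.+013+22222.key": "example.org. IN DNSKEY 256 3 13 AAAA\n",
    "K2.0.192.in-addr.arpa.+013+33333.key": "2.0.192.in-addr.arpa. IN DNSKEY 256 3 13 AAAA\n",
}

if __name__ == "__main__":
    print(lint_named_conf(SAMPLE_CONF))
    print(missing_keys(SAMPLE_ZONES, SAMPLE_KEYS))
```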