Setup a DNSSEC with my own public and private key

Jim Reid jim at rfc1035.com
Fri Jun 25 18:26:09 UTC 2004


>>>>> "Manuel" == Manuel Gil Perez <manuel at dif.um.es> writes:

    Manuel> I am the UMU-PKIv6 administrator
    Manuel> (http://pki.umu.euro6ix.org) and I would like to use it to
    Manuel> enroll my DNS server. Currently, the PKI publishes
    Manuel> certificates and CRLs in a DNS (BIND 9.2.1) through the
    Manuel> TSIG mechanism but I would like to update to BIND 9.3.0
    Manuel> for using SIG(0), it is most sure. For this, I would like
    Manuel> to setup the DNS with my own keys.

I don't understand. Why should it matter what the value of the key is
for some SIG(0) signed transaction? All you seem to be doing here is
authenticating the source of a dynamic update. I can't see why
anything should need to know or even care about the actual value of
the SIG(0) key that was used or how that could make a difference.
Presumably you'll be doing "nsupdate -k ...." to generate the SIG(0)
signed dynamic updates, so the only things that would need to know
about the actual keys are the things which generate and validate those
"signatures", i.e. the nsupdate client and the name server.

BTW you might also want to check out the CERT record and publish your
certificates in the DNS. Though this might not be sensible unless they
were stored in a DNSSEC-signed zone.
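The name server validates a SIG(0)-signed update against the KEY record published at the signer's name, so the one thing worth checking on the server side is that the published KEY RR is actually usable for that purpose. The following is an added example, not code from this thread or from BIND: it parses a KEY record in presentation format, computes its RFC 4034 key tag (the value a SIG(0) signature references), and flags records that are not suitable as SIG(0) signing keys. The owner name and the base64 blob are constructed sample data, not a real key.

```python
import base64
import struct

# Constructed sample KEY record, in the presentation format dnssec-keygen
# writes for a "-n HOST" key. The base64 blob is an RSA-shaped dummy
# (exponent 65537 plus a tiny fake modulus) for illustration, not a real key.
SAMPLE_KEY_RR = "updater.example.com. 3600 IN KEY 512 3 8 AwEAAcNafxGeAtSL"

# KEY RR name-type field (RFC 2535): bits 6-7 of the 16-bit flags word.
NAME_TYPE_NAMES = {0: "USER", 1: "ZONE", 2: "HOST", 3: "RESERVED"}


def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B key tag over the KEY/DNSKEY RDATA.

    Not valid for algorithm 1 (RSAMD5), which uses a different rule."""
    ac = 0
    for i, b in enumerate(rdata):
        ac += b if i & 1 else b << 8
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def parse_key_rr(line: str) -> dict:
    """Parse 'owner ttl IN KEY flags protocol algorithm base64...'."""
    f = line.split()
    owner, flags, proto, alg = f[0], int(f[4]), int(f[5]), int(f[6])
    pubkey = base64.b64decode("".join(f[7:]))  # blob may be split over fields
    rdata = struct.pack("!HBB", flags, proto, alg) + pubkey
    return {"owner": owner, "flags": flags, "protocol": proto, "algorithm": alg,
            "name_type": NAME_TYPE_NAMES[(flags >> 8) & 0x3],
            "tag": key_tag(rdata)}


def sig0_problems(rec: dict) -> list:
    """Reasons this KEY RR should not be granted SIG(0) update rights."""
    problems = []
    if rec["protocol"] != 3:
        problems.append("protocol is not 3 (DNSSEC)")
    if rec["name_type"] == "ZONE":
        problems.append("name type is ZONE; use a HOST (or USER) key for SIG(0)")
    if rec["flags"] & 0x8000:  # type bit 0 set: authentication use prohibited
        problems.append("flags prohibit authentication use")
    return problems


if __name__ == "__main__":
    rec = parse_key_rr(SAMPLE_KEY_RR)
    print(rec["owner"], rec["name_type"], "tag", rec["tag"], sig0_problems(rec))
```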


More information about the bind-users mailing list