Automated DNSSEC (command line)

Michelle Konzack linux4michelle at tamay-dogan.net
Fri May 28 23:11:26 UTC 2010 

Hello Casey,

Am 2010-05-28 14:43:54, hacktest Du folgendes herunter:
> Yes, and you really should use one.  The two most important things with
> signed zones are that your signatures don't expire, and that the right
> DNSSEC RRs are included in the zone.  So not only does it need to be
> resigned after changes (to include the proper DNSSEC RRs), but also
> periodically make sure signatures don't expire.  Here are a few of the tools
> written for that purpose:
> 
> http://dnssec-tools.org/
> http://www.opendnssec.org/
> http://www.hznet.de/dns/zkt/
> http://zonetool.sourceforge.net/

Wow, I have to check the most suitabble for me

> Looks okay to me.  Here's what your signed zone looks like visually:
> 
> http://dnsviz.net/d/tamay-dogan.net/dnssec/

Cool tool...

> Although, it looks like you perhaps didn't increment the zone serial, as
> only one of your authoritative servers is running a signed version of the
> zone.

Now I have a problem with it because HOW can I increase the serialnumber
in this big file.  In the old unsigned file I was working with a script,
but now I know nothing anymore.

Thanks, Greetings and nice Day/Evening
    Michelle Konzack

-- 
##################### Debian GNU/Linux Consultant ######################
   Development of Intranet and Embedded Systems with Debian GNU/Linux

itsystems at tdnet France EURL       itsystems at tdnet UG (limited liability)
Owner Michelle Konzack            Owner Michelle Konzack

Apt. 917 (homeoffice)
50, rue de Soultz                 Kinzigstraße 17
67100 Strasbourg/France           77694 Kehl/Germany
Tel: +33-6-61925193 mobil         Tel: +49-177-9351947 mobil
Tel: +33-9-52705884 fix

<http://www.itsystems.tamay-dogan.net/>  <http://www.flexray4linux.org/>
<http://www.debian.tamay-dogan.net/>         <http://www.can4linux.org/>

Jabber linux4michelle at jabber.ccc.de
ICQ    #328449886

Linux-User #280138 with the Linux Counter, http://counter.li.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.pgp
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100529/c5f31ddb/attachment.bin>

More information about the bind-users mailing list