Adding a new domain with DNSSEC
@lbutlr
kremels at kreme.com
Sun Apr 10 16:37:32 UTC 2022
On 2022 Apr 10, at 05:37, Bjørn Mork <bjorn at mork.no> wrote:
> "@lbutlr" <kremels at kreme.com> writes:
>
>> # dnssec-keygen -a 13 example,com
>> # dnssec-keygen -f KSK -a 13 example,com
>>
>> Add $INLCUDE to the zone file for each of these 4 keys.
>
> 4? You've generated 2 key pairs. There should be only 2 public keys
> included in the zone.
Ah, right, of course. I knew it was something dumb.
> But I can recommend the automated zone maintenance instead, either using
> the modern "dnssec-policy":
I do have that set, but getting the domain setup in the first place seemed to still be necessary.
Now to find the DS key...
--
"He has never been known to use a word that might send a reader to
the dictionary." - William Faulkner (about Ernest Hemingway).
More information about the bind-users
mailing list