DNSSEC deployement in an isolated virtual environment
Amaury Van Pevenaeyge
avanpevenaeyge at outlook.fr
Sat Mar 16 13:37:43 UTC 2024
Hello I'm a student in my last year of the Master in Cybersecurity at ULB. As part of my thesis, I'm doing research to develop a DNS Amplification scenario that will eventually be deployed within a Cyber Range. I have to carry out various measurements and develop different attacks in a virtual environment. I've already been able to set up my entire environment in VirtualBox for DNS (i.e. without DNSSEC). Now I need to deploy DNSSEC on my server. I've managed to generate my key pairs and sign my DNS zones. However, when I try to do a dig from my client VM, I get a SERVFAIL. I think this is because the chain of trust can't be established, which in my case is perfectly normal as I'm in an isolated test environment. So how can I deploy DNSSEC correctly so that the chain of trust is not taken into account and it works in my virtual environment? I think I know how DNSSEC works, but if you also have any clarification to offer, I'd be delighted to hear from you. My BIND server runs on an Ubuntu22.04 Jammy Jellyfish VM.
Thanks in advance for your help.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20240316/4c5de0bb/attachment.htm>
More information about the bind-users
mailing list