[dns-operations] (no subject)

Richard T.A. Neal richard at richardneal.com
Mon Jun 12 17:57:27 UTC 2023


Hi Daniel,

I also wrote a Beginner’s Guide for DNSSEC using BIND9 here:
https://www.talkdns.com/articles/a-beginners-guide-to-dnssec-with-bind-9/

I hope that helps,

Richard.

From: dns-operations <dns-operations-bounces at dns-oarc.net> On Behalf Of daniel majela
Sent: Monday, June 12, 2023 2:37 PM
To: dns-operations at lists.dns-oarc.net
Subject: [dns-operations] (no subject)

  Hello...
My name is Daniel Majela and if possible I would like some help to implement DNNSEC on my servers.

Today I have 3 recursive and authoritative servers.
My external authoritative zones are copied to 2 DNS servers that are in the DMZ.

My first question is if there is a step by step way to implement dhssec using bind9 9.16.23-RH?

What is the best algorithm for ksk and zsk?

Is there, after generating the ksk and zsk keys, automatic rollover of keys and automatic signature of zones from the point of view that technical interaction is no longer necessary for this?

An example:
Zone ....example.com.br<http://example.com.br/> signed!
Zona....one.example.com.br<http://one.example.com.br/> ( to sign this zone ) I need to copy something inside the zone because it is a daughter of the example.com.br<http://example.com.br/> zone.

Thanks.


--
Daniel Majela Galvão
http://br.linkedin.com/pub/daniel-souza/6/1b1/774

(55-012) - 9-8201-9885
(55-012) - 9-9761-1511
(55-012) - 32076909
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20230612/30a67f72/attachment-0001.html>


More information about the dns-operations mailing list