#8
30th January 2010
Knobee
Real Name: Alan Clegg

Quote:
Originally Posted by mayuka
Yes, thanks. The original tutorial I've found was yours I think.

I've found another one here: URL deleted.

I did everything that was mentioned in the tutorial. So... I configured it? It's so easy?

It's really quite simple once you understand the bits required to make it work (as with all things computer related, eh?)

If you'd like, send me your named.conf (again, e-mail address in .pdf linked above) and I'll let you know what I see.

Here is a validating recursive server configuration that I use on a WD NAS device (Worldbook?) here at my house:

Code:
include "/opt/etc/named/trusted-keys";

options {
        directory "/opt/etc/named";
        // Enable DNSSEC support and validate responses
        dnssec-enable yes;
        dnssec-validation yes;
        listen-on-v6 { any; };

        notify no;

        // Look up DLV records for any zone (".") under dlv.isc.org
        dnssec-lookaside . trust-anchor dlv.isc.org.;
        zone-statistics yes;
};

The "trusted-keys" file contains:

Code:
trusted-keys {

dlv.isc.org. 257 3 5 "BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2
	brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+
	1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5
	ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk
	Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM
	QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt
	TDN0YUuWrBNh";
};

This allows me to validate all DNSSEC signed zones that have published their DS records (actually DLV records, but they are pretty much identical) in the ISC DLV registry.

I'm going to be teaching a DNS and BIND class next week, followed by a DNSSEC class the week after in California, so I can't promise how quickly I'll be able to respond, but please do e-mail me if you have questions...

Look around the ISC.org website if you are interested in more information on DNS, DNSSEC, or the classes that we teach...

Knobee
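As an added example (not part of the original post and not ISC code): a Python check that parses a trusted-keys clause in the layout shown in the post and reports each anchor's flags, protocol, algorithm and RFC 4034 key tag, so a pasted key can be compared with what the zone operator publishes. The zone name and key bytes in the sample are constructed, and the function names are this example's own.

```python
import base64
import re

# Constructed sample in the layout of the post's trusted-keys file.
# Zone name and key bytes are made up; this is not a real trust anchor.
SAMPLE = '''trusted-keys {

example.test. 257 3 5 "AQAB
        AQAB";
};
'''

CLAUSE = re.compile(r'trusted-keys\s*\{(.*?)\}\s*;', re.S)
ENTRY = re.compile(r'([\w.-]+)\s+(\d+)\s+(\d+)\s+(\d+)\s+"([^"]*)"\s*;')


def key_tag(rdata):
    """Key tag of DNSKEY RDATA per RFC 4034 Appendix B."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def parse_trusted_keys(text):
    """Return one dict per anchor in a named.conf trusted-keys clause."""
    clause = CLAUSE.search(text)
    if clause is None:
        raise ValueError("no trusted-keys clause found")
    anchors = []
    for name, flags, proto, alg, b64 in ENTRY.findall(clause.group(1)):
        # The post's key spans several lines inside the quotes; drop that whitespace.
        key = base64.b64decode("".join(b64.split()), validate=True)
        flags, proto, alg = int(flags), int(proto), int(alg)
        rdata = flags.to_bytes(2, "big") + bytes([proto, alg]) + key
        anchors.append({
            "name": name,
            "zone_key": bool(flags & 0x0100),
            "sep": bool(flags & 0x0001),   # secure entry point (KSK)
            "protocol": proto,             # DNSKEY protocol field, always 3
            "algorithm": alg,              # 5 = RSA/SHA-1
            "key_tag": key_tag(rdata),
        })
    return anchors


if __name__ == "__main__":
    for anchor in parse_trusted_keys(SAMPLE):
        print(anchor)
```

Compare the reported key tag with the key id the zone operator publishes for its key-signing key before relying on the anchor.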