allow-transfer { 10.0.2.15; }; # Master
allow-transfer { none; }; # Slave
$ apt-get install -y haveged
# cd /etc/bind
# dnssec-keygen -a HMAC-MD5 -b 128 -n HOST masterslave.example.com
# cat > transfer.conf <<END
key master-slave.example.com. {
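algorithm hmac-md5; // legacy TSIG algorithm; hmac-sha256 is the usual choice where both servers support it
secret "hdbgt6573/354s7hiuy=="; // sample value; this file holds the shared secret, so restrict read access to the name server's account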
};
END
# echo 'include "/etc/bind/transfer.conf";' >> named.conf
allow-transfer { key master-slave.example.com.; }; # Master
$ dig axfr example.com @10.0.2.4 -k transfer.conf
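include "/etc/transfer.conf"; // must be the path where transfer.conf was actually saved (the earlier step wrote /etc/bind/transfer.conf)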
server 10.0.2.4 {
keys { master-slave.example.com.; };
};
$ dig +short +dnssec NS co.uk
$ dig +short +dnssec DS co.uk
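dnssec-enable yes;
dnssec-validation yes; // with "yes", named validates only against trust anchors configured explicitly; "auto" uses the built-in root key
dnssec-lookaside auto; // DLV has been retired and recent BIND releases have dropped this option; omit it on current versions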
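# Generate a zone-signing key and a key-signing key for example.com, reference
# the public keys from the zone file, then sign the zone.
# The K*.private files written here are the signing secrets; keep them
# readable only by the account that signs the zone.
cd /var/cache/bind

# Zone-signing key (ZSK).
# NOTE(review): NSEC3RSASHA1 is SHA-1 based, and RFC 8624 marks it NOT
# RECOMMENDED for signing; ECDSAP256SHA256 or RSASHA256 are the current
# choices. The algorithm is kept as the page gives it.
dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE example.com

# Key-signing key (KSK): -f KSK sets the key-signing flag on the key.
# The zone name belongs on the same command line as the options.
dnssec-keygen -f KSK -a NSEC3RSASHA1 -b 2048 -n ZONE example.com

# Append one $INCLUDE directive per public key file. Globbing directly avoids
# parsing ls output; the -e guard skips the unexpanded pattern when no key
# file exists. Single quotes keep $INCLUDE literal, and plain ASCII quoting
# keeps stray typographic quotes out of the zone file.
# Re-running this loop appends the same directives again.
for k in K*.key; do
  [ -e "$k" ] || continue
  printf '$INCLUDE %s\n' "$k" >> db.example
done

# Sign the zone; the output goes to db.example.signed.
#   -3 5674       build an NSEC3 chain using the hex salt 5674
#   -A            set the NSEC3 opt-out flag
#   -N INCREMENT  increment the SOA serial
#   -o            zone origin
#   -t            print statistics when finished
# NOTE(review): RFC 9276 advises an empty salt and no opt-out for most zones;
# revisit these parameters before using this outside a lab.
dnssec-signzone -3 5674 -A -N INCREMENT -o example.com -t db.example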
file "db.example.signed";