Bind sebagai resolver saya coba implementasikan DNSSEC di FreeBSD1. Buat direktori untuk
key & private file:# mkdir /etc/namedb/key
# cd /etc/namedb/key
# dnssec-keygen -f KSK -a RSASHA1 -b2048 -n ZONE example.com
# dnssec-keygen -a RSASHA1 -b 768 -n ZONE example.com
*.key ke file db domain zone:# cd /etc/namedb/
# cat key/Kexample.com.+005+*.key >> master/example.com.db
db domain zone, sehingga terbetuk file example.com.db.signed di direktori master
# dnssec-signzone -o example.com -k Kexample.com.+005+15439.key ../master/example.com.db Kexample.com.+005+26382.keynamed.conf untuk menggunakan db domain yang telah di signed
zone "example.com" {
type master;
file "master/example.com.db.signed"
}fingerprint bisa dicoba dengan command# cd /etc/namedb/master/
# dnssec-dsfromkey -1 -f example.com.db.signed example.com example.com. IN DS 51367 5 1 527EE9DED3B1DC3F7FE9C7F3CE08E8E56674D6A8# dig +dnssec +short example.com
A 5 2 3600 20140411175317 20140312175317 26382 example.com. hmBbAz1245O6tVLuXjnlKLqCH0JKguISPn3vTPI+ju8Kp8aBcgTI10tTQ7gtm5Xe7KJn60ggLnPIpnQN0GpVD5APbnOnsXi4QL0YKxJDp+yVcXbryG0svDaYaGtixhEp
Tidak ada komentar:
Posting Komentar