1. my-domain.re.kr
키생성
/usr/local/bind/sbin/dnssec-keygen -a NSEC3RSASHA1 -r /dev/urandom -b 2048 -n ZONE -f KSK my-domain.re.kr.
/usr/local/bind/sbin/dnssec-keygen -a NSEC3RSASHA1 -r /dev/urandom -b 1024 -n ZONE my-domain.re.kr.
서명
/usr/local/bind/sbin/dnssec-signzone -S -3 96e920 -A -K /var/named/mydomainkey -f /var/named/my-domain.re.kr-zone.signed -o my-domain.re.kr. /var/named/my-domain.re.kr-zone
2. re.kr
키생성
/usr/local/bind/sbin/dnssec-keygen -a NSEC3RSASHA1 -r /dev/urandom -b 2048 -n ZONE -f KSK re.kr.
/usr/local/bind/sbin/dnssec-keygen -a NSEC3RSASHA1 -r /dev/urandom -b 1024 -n ZONE re.kr.
서명
/usr/local/bind/sbin/dnssec-signzone -S -3 96e920 -A -K /var/named/rekey -f /var/named/re.zone.signed -o re.kr. /var/named/re.zone
3. kr
키생성
/usr/local/bind/sbin/dnssec-keygen -a NSEC3RSASHA1 -r /dev/urandom -b 2048 -n ZONE -f KSK kr.
/usr/local/bind/sbin/dnssec-keygen -a NSEC3RSASHA1 -r /dev/urandom -b 1024 -n ZONE kr.
서명
/usr/local/bind/sbin/dnssec-signzone -S -3 96e920 -A -K /var/named/krkey -f /var/named/kr.zone.signed -o kr. /var/named/kr.zone
4. ROOT
키생성
/usr/local/bind/sbin/dnssec-keygen -a NSEC3RSASHA1 -r /dev/urandom -b 2048 -n ZONE -f KSK .
/usr/local/bind/sbin/dnssec-keygen -a NSEC3RSASHA1 -r /dev/urandom -b 1024 -n ZONE .
서명
/usr/local/bind/sbin/dnssec-signzone -S -3 96e920 -A -K /var/named/rootkey -f /var/named/root.zone.signed -o . /var/named/root.zone
'네임서버' 카테고리의 다른 글
| [네임서버] DNSSEC 설정 및 적용 (0) | 2013.06.21 |
|---|---|
| [네임서버] bind view 설정 시 rndc 명령어 (0) | 2013.06.21 |
| bind named.conf 파일 소유권 오류 (loading configuration: permission denied) (0) | 2013.06.21 |
| DNS 질의 시 TIMEOUT 시간 계산 방법 (0) | 2013.06.21 |
| [error] named: initgroups(): Operation not permitted (0) | 2013.06.20 |
