본문 바로가기

네임서버

[네임서버] dnssec 적용 관련

반응형

dnssec 적용 관련

 

 

1. my-domain.re.kr

키생성

/usr/local/bind/sbin/dnssec-keygen -a NSEC3RSASHA1 -r /dev/urandom -b 2048 -n ZONE -f KSK my-domain.re.kr.

/usr/local/bind/sbin/dnssec-keygen -a NSEC3RSASHA1 -r /dev/urandom -b 1024 -n ZONE my-domain.re.kr.

서명

/usr/local/bind/sbin/dnssec-signzone -S -3 96e920 -A -K /var/named/mydomainkey -f /var/named/my-domain.re.kr-zone.signed -o my-domain.re.kr. /var/named/my-domain.re.kr-zone

2. re.kr

키생성

/usr/local/bind/sbin/dnssec-keygen -a NSEC3RSASHA1 -r /dev/urandom -b 2048 -n ZONE -f KSK re.kr.

/usr/local/bind/sbin/dnssec-keygen -a NSEC3RSASHA1 -r /dev/urandom -b 1024 -n ZONE re.kr.

서명

/usr/local/bind/sbin/dnssec-signzone -S -3 96e920 -A -K /var/named/rekey -f /var/named/re.zone.signed -o re.kr. /var/named/re.zone

3. kr

키생성

/usr/local/bind/sbin/dnssec-keygen -a NSEC3RSASHA1 -r /dev/urandom -b 2048 -n ZONE -f KSK kr.

/usr/local/bind/sbin/dnssec-keygen -a NSEC3RSASHA1 -r /dev/urandom -b 1024 -n ZONE kr.


서명

/usr/local/bind/sbin/dnssec-signzone -S -3 96e920 -A -K /var/named/krkey -f /var/named/kr.zone.signed -o kr. /var/named/kr.zone


4. ROOT

키생성

/usr/local/bind/sbin/dnssec-keygen -a NSEC3RSASHA1 -r /dev/urandom -b 2048 -n ZONE -f KSK .

/usr/local/bind/sbin/dnssec-keygen -a NSEC3RSASHA1 -r /dev/urandom -b 1024 -n ZONE .

서명

/usr/local/bind/sbin/dnssec-signzone -S -3 96e920 -A -K /var/named/rootkey -f /var/named/root.zone.signed -o . /var/named/root.zone

 

 

 

 

728x90
반응형