[네임서버] dnssec 적용 관련
1. my-domain.re.kr
키생성
/usr/local/bind/sbin/dnssec-keygen -a NSEC3RSASHA1 -r /dev/urandom -b 2048 -n ZONE -f KSK my-domain.re.kr.
/usr/local/bind/sbin/dnssec-keygen -a NSEC3RSASHA1 -r /dev/urandom -b 1024 -n ZONE my-domain.re.kr.
서명
/usr/local/bind/sbin/dnssec-signzone -S -3 96e920 -A -K /var/named/mydomainkey -f /var/named/my-domain.re.kr-zone.signed -o my-domain.re.kr. /var/named/my-domain.re.kr-zone
2. re.kr
키생성
/usr/local/bind/sbin/dnssec-keygen -a NSEC3RSASHA1 -r /dev/urandom -b 2048 -n ZONE -f KSK re.kr.
/usr/local/bind/sbin/dnssec-keygen -a NSEC3RSASHA1 -r /dev/urandom -b 1024 -n ZONE re.kr.
서명
/usr/local/bind/sbin/dnssec-signzone -S -3 96e920 -A -K /var/named/rekey -f /var/named/re.zone.signed -o re.kr. /var/named/re.zone
3. kr
키생성
/usr/local/bind/sbin/dnssec-keygen -a NSEC3RSASHA1 -r /dev/urandom -b 2048 -n ZONE -f KSK kr.
/usr/local/bind/sbin/dnssec-keygen -a NSEC3RSASHA1 -r /dev/urandom -b 1024 -n ZONE kr.
서명
/usr/local/bind/sbin/dnssec-signzone -S -3 96e920 -A -K /var/named/krkey -f /var/named/kr.zone.signed -o kr. /var/named/kr.zone
4. ROOT
키생성
/usr/local/bind/sbin/dnssec-keygen -a NSEC3RSASHA1 -r /dev/urandom -b 2048 -n ZONE -f KSK .
/usr/local/bind/sbin/dnssec-keygen -a NSEC3RSASHA1 -r /dev/urandom -b 1024 -n ZONE .
서명
/usr/local/bind/sbin/dnssec-signzone -S -3 96e920 -A -K /var/named/rootkey -f /var/named/root.zone.signed -o . /var/named/root.zone