Snippet from https://www.knot-dns.cz/download/ and https://www.knot-dns.cz/docs/2.x/html/
Change to root
sudo su -
Installation:
add-apt-repository ppa:cz.nic-labs/knot-dns
apt-get update
apt-get install knot
Stop Bind and run Knot ;)
service bind9 stop
service knot start
Configuration of DNSSEC policy for our zone
mkdir -p /var/lib/knot/kasp
cd /var/lib/knot/kasp
keymgr init
keymgr policy add rsa algorithm RSASHA256 zsk-size 1024 ksk-size 2048
keymgr zone add sd policy rsa
Edit /etc/knot/knot.conf
server:
    listen: 0.0.0.0@53
    listen: ::@53

log:
  - target: syslog
    any: info

template:
  - id: default
    storage: "/home/sysadm/zones/"
    kasp-db: /var/lib/knot/kasp

# TSIG keys: the secret is a base64 string shared with the partner.
# hmac-md5 is a weak choice; Knot also accepts hmac-sha256 if the
# partner supports it (both sides must use the same algorithm).
key:
  - id: sd_tsig_key
    algorithm: hmac-md5
    secret: PUT_MY_KEY_HERE
  - id: bw_tsig_key
    algorithm: hmac-md5
    secret: PUT_PARTNER_KEY_HERE

acl:
  # allow transfer from your partner slave
  - id: acl_transfer
    address: your.partner.ip.address
    key: sd_tsig_key
    action: transfer

remote:
  # define ip address of your partner master
  - id: my_master
    address: your.partner.ip.address@53
    key: bw_tsig_key

zone:
  # master domain
  - domain: sd
    file: "db.sd"
    acl: acl_transfer
    dnssec-signing: on
  # slave zone
  - domain: bw
    master: my_master
Reload
service knot reload
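Check after the reload that the zone is really served signed. The script below is an added example, not part of the Knot documentation or the original page: it reads dig answer text and reports whether an RRSIG covering the SOA record uses algorithm 8 (RSASHA256, as set in the policy above) and is inside its validity window. The function names check_signed and demo, the server address 127.0.0.1 and the sample answer (key tag, dates, signature) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect `dig +dnssec` answer text for a usable RRSIG.
# RRSIG fields after the record type: type covered, algorithm, labels,
# original TTL, expiration, inception, key tag, signer name, signature.

# check_signed TYPE ALG NOW   (dig answer text on stdin)
#   TYPE  record type the signature must cover, e.g. SOA
#   ALG   DNSSEC algorithm number; RSASHA256 is 8
#   NOW   current UTC time as YYYYMMDDHHMMSS
# Prints one status line per matching RRSIG and returns 0 only if at
# least one of them is inside its inception..expiration window.
check_signed() {
    awk -v cov="$1" -v alg="$2" -v now="$3" '
        $4 == "RRSIG" && $5 == cov && $6 == alg {
            if (now + 0 < $10 + 0)      state = "not-yet-valid"
            else if (now + 0 > $9 + 0)  state = "expired"
            else { state = "valid"; ok = 1 }
            printf "%s keytag=%s expires=%s %s\n", $1, $11, $9, state
        }
        END { exit (ok ? 0 : 1) }
    '
}

# Constructed sample answer (not captured from a real server).
SAMPLE_ANSWER='sd.  3600 IN SOA   ns1.sd. hostmaster.sd. 2016060201 10800 3600 604800 3600
sd.  3600 IN RRSIG SOA 8 1 3600 20160702110852 20160602110852 12345 sd. Q09OU1RSVUNURUQ=
sd.  3600 IN RRSIG NS  8 1 3600 20160702110852 20160602110852 12345 sd. Q09OU1RSVUNURUQ='

# demo NOW: run the check over the constructed sample at a given time.
demo() {
    printf '%s\n' "$SAMPLE_ANSWER" | check_signed SOA 8 "$1"
}

# Against the running server (needs dig and access to the server):
#   dig +dnssec +noall +answer sd SOA @127.0.0.1 |
#       check_signed SOA 8 "$(date -u +%Y%m%d%H%M%S)"
demo 20160615000000
```

A non-zero exit status means no matching signature was found or every one is outside its validity window, which points at signing not being enabled for the zone or at signatures that are no longer being refreshed.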
Last modified on Jun 2, 2016, 1:08:52 PM