Setting up DNSSEC on Bind9

There may be a "better" way to do it, but this is what eventually worked for me. This page will exist as a guide for if I need to re-install bind at any point in the future.

Creating keys

dnssec-keygen -a ECDSAP256SHA256 -n ZONE
dnssec-keygen -a ECDSAP256SHA256 -fKSK -n ZONE

Signing zone

dnssec-signzone -A -3 $(head -c 2048 /dev/urandom | shasum -a 256 | cut -b 1-16) -N INCREMENT -o -t ../

Next steps

Anton McClure /
Last modified: Sat Oct 23 19:16:54 EDT 2021

Copyright © 2021, Anton McClure. All Rights Reserved.