Setting up DNSSEC on Bind9
There may be a "better" way to do it, but this is what eventually
worked for me. This page exists as a guide in case I need to
re-install bind at any point in the future.
dnssec-keygen -a ECDSAP256SHA256 -n ZONE example.com
dnssec-keygen -a ECDSAP256SHA256 -fKSK -n ZONE example.com
dnssec-signzone -A -3 $(head -c 2048 /dev/urandom | shasum -a 256 | cut -b 1-16) -N INCREMENT -o example.com -t ../example.com.zone
- Point the zone's file path in named.conf at the .signed file;
- Restart named.
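Signatures written by dnssec-signzone carry an expiration time (30 days after the start time when no -e end time is given, as in the command above), so a zone signed this way has to be re-signed before they run out. The script below is an added example, not part of the original notes: it reads a .signed file and reports the earliest RRSIG expiration. The function names and the sample zone text are made up for illustration.

```sh
#!/bin/sh
# Added example. Function names are hypothetical; the zone text is constructed.

# Print "<expiration> <covered-type>" for each RRSIG in a signed zone file,
# joining the multi-line "( ... )" records that dnssec-signzone writes.
rrsig_expirations() {
    awk '
        { sub(/;.*/, "") }                        # strip comments
        { depth += gsub(/\(/, " "); depth -= gsub(/\)/, " "); rec = rec " " $0 }
        depth > 0 { next }                        # record not finished yet
        {
            n = split(rec, f, " "); rec = ""
            # A 14-digit field five places after "RRSIG" is the expiration;
            # this skips "RRSIG" appearing inside an NSEC3 type bitmap.
            for (i = 1; i + 5 <= n; i++)
                if (f[i] == "RRSIG" && length(f[i+5]) == 14 && f[i+5] ~ /^[0-9]+$/) {
                    print f[i+5], f[i+1]; break
                }
        }
    ' "$1"
}

# Earliest expiration (YYYYMMDDHHMMSS, UTC): the deadline for the next re-sign.
earliest_expiry() {
    rrsig_expirations "$1" | sort -n | head -n 1 | cut -d ' ' -f 1
}

# Covered types whose signature expires before a cutoff in the same format.
expiring_before() {
    rrsig_expirations "$1" | awk -v c="$2" '$1 + 0 < c + 0 { print $2 }'
}

ZONE=$(mktemp)   # constructed sample; base64 and hash fields are placeholders
trap 'rm -f "$ZONE"' EXIT
cat > "$ZONE" <<'EOF'
; constructed sample in dnssec-signzone output layout
example.com. 86400 IN SOA ns1.example.com. admin.example.com. (
        2021102301 3600 900 604800 86400 )
    86400 RRSIG SOA 13 2 86400 (
        20211122221654 20211023221654 12345 example.com.
        UExBQ0VIT0xERVI= )
    86400 RRSIG DNSKEY 13 2 86400 (
        20211110000000 20211023221654 54321 example.com.
        UExBQ0VIT0xERVI= )
PLACEHOLDERHASH.example.com. 86400 IN NSEC3 1 1 10 0123456789ABCDEF (
        PLACEHOLDERNEXT NS SOA RRSIG DNSKEY NSEC3PARAM )
EOF
echo "re-sign before: $(earliest_expiry "$ZONE")"
```

For a real zone, pass the .signed file and use `$(date -u +%Y%m%d%H%M%S)` as the cutoff to list signatures that have already expired.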
Sat Oct 23 19:16:54 EDT 2021
All Rights Reserved.