Bind

A quick guide about how to migrate a signed zone from dnssec-tools to OpenDNSSEC.

Some time ago, I wrote a post about using dnssec-tools for managing an authoritative name server in CentOS, now I’m going to extend it to cover their usage in a Fedora system.

First of all, I’m going to use the latest versions which currently is not in the repositories. Download the source rpm, recompile and install the rpms: $ mock -r fedora-19-x86_64 dnssec-tools-2.0-1.fc18.src.rpm # yum install /var/lib/mock/fedora-19-x86_64/result/*rpm

The configuration of bind as authoritative name server /etc/named.conf:

I’m going to explain how to implement DNSSEC in CentOS, using Bind as authoritative name server and the dnssec-tools utilities. To deploy DNSSEC, your parent zone must be signed, you can check it here.

The main reference for this post is in the dnssec-tools Wiki: https://www.dnssec-tools.org/wiki/index.php/Authoritative_Server