A quick guide about how to migrate a signed zone from dnssec-tools to OpenDNSSEC.
dnssec-tools and bind authoritative name server in Fedora
Some time ago, I wrote a post about using dnssec-tools for managing an authoritative name server in CentOS. Now I'm going to extend it to cover their usage in a Fedora system.
First of all, I'm going to use the latest version, which is currently not in the repositories. Download the source rpm, recompile and install the rpms:
$ mock -r fedora-19-x86_64 dnssec-tools-2.0-1.fc18.src.rpm
# yum install /var/lib/mock/fedora-19-x86_64/result/*rpm
The configuration of bind as authoritative name server /etc/named.conf:
Bind authoritative name server with DNSSEC in CentOS 6
I'm going to explain how to implement DNSSEC in CentOS, using Bind as the authoritative name server together with the dnssec-tools utilities. To deploy DNSSEC, your parent zone must be signed; you can check it here.
The main reference for this post is in the dnssec-tools Wiki: https://www.dnssec-tools.org/wiki/index.php/Authoritative_Server
Configure Unbound DNSSEC resolver in OpenWrt
After realizing that my ISP (ONO) was hijacking the NXDOMAIN DNS responses, I decided to improve the security of the DNS queries for my entire LAN using DNSSEC.
I chose to replace dnsmasq with unbound in my OpenWrt router. These are the steps I followed.
First I installed the required packages:
# opkg update
# opkg install unbound unbound-anchor unbound-control unbound-control-setup unbound-host
As dnsmasq is also the DHCP server, I’m not going to disable it, only change the DNS port to 5353. In /etc/config/dhcp