Dnssec on Apuntes de root

OpenDNSSEC

jorti@pm.me (Juan Orti Alcaine) — Tue, 28 Jul 2015 00:00:00 +0000

A quick guide about how to migrate a signed zone from dnssec-tools to OpenDNSSEC.

dnssec-tools and bind authoritative name server in Fedora

jorti@pm.me (Juan Orti Alcaine) — Mon, 30 Sep 2013 00:00:00 +0000

Some time ago, I wrote a post about using dnssec-tools for managing an authoritative name server in CentOS, now I’m going to extend it to cover their usage in a Fedora system.

First of all, I’m going to use the latest versions which currently is not in the repositories. Download the source rpm, recompile and install the rpms: $ mock -r fedora-19-x86_64 dnssec-tools-2.0-1.fc18.src.rpm # yum install /var/lib/mock/fedora-19-x86_64/result/*rpm

The configuration of bind as authoritative name server /etc/named.conf:

Bind authoritative name server with DNSSEC in CentOS 6

jorti@pm.me (Juan Orti Alcaine) — Thu, 09 May 2013 00:00:00 +0000

I’m going to explain how to implement DNSSEC in CentOS, using Bind as authoritative name server and the dnssec-tools utilities. To deploy DNSSEC, your parent zone must be signed, you can check it here.

The main reference for this post is in the dnssec-tools Wiki: https://www.dnssec-tools.org/wiki/index.php/Authoritative_Server

Configure Unbound DNSSEC resolver in OpenWrt

jorti@pm.me (Juan Orti Alcaine) — Thu, 20 Dec 2012 00:00:00 +0000

After realizing that my ISP (ONO) was hijacking the NXDOMAIN DNS responses, I decided to improve the security of the DNS queries for my entire LAN using DNSSEC.

I choosed to replace dnsmasq for unbound in my OpenWrt router. These are the steps I followed.

First I installed the required packages:

# opkg update # opkg install unbound unbound-anchor unbound-control unbound-control-setup unbound-host

As dnsmasq is also the DHCP server, I’m not going to disable it, only change the DNS port to 5353. In /etc/config/dhcp