tachtler:dns_isc_bind_centos_7

Differences

The differences between two versions are shown here.

tachtler:dns_isc_bind_centos_7 [2019/10/20 11:45] – [/etc/named.root.key] klaus
tachtler:dns_isc_bind_centos_7 [2019/10/29 05:25] – [/etc/named.conf] klaus
Zeile 1054: Zeile 1054:
         // The pathname of a file to override the built-in trusted keys provided         // The pathname of a file to override the built-in trusted keys provided
         // by named. Path to ISC DLV key.         // by named. Path to ISC DLV key.
-        bindkeys-file "/etc/named.iscdlv.key";+        bindkeys-file "/etc/named.root.key";
         // The pathname of the file the server dumps security roots to when         // The pathname of the file the server dumps security roots to when
         // instructed.         // instructed.
Zeile 1103: Zeile 1103:
         // DLV domain and trust anchor will be used, along with a built-in key for         // DLV domain and trust anchor will be used, along with a built-in key for
         // validation.         // validation.
-        dnssec-lookaside auto;+        // Tachtler - DEPRECATED - Service was shutdown. 
 +        //dnssec-lookaside auto;
  
         // Checks. ---------------------------------------------------------------         // Checks. ---------------------------------------------------------------
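Review bot: The two comment lines kept above the disabled option still describe the DLV domain and trust anchor as being used, which contradicts the new "DEPRECATED - Service was shutdown" remark. Either delete the commented-out //dnssec-lookaside auto; together with its description, or extend the remark to name the service that was shut down and to state that no lookaside validation is configured any more.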
Zeile 1395: Zeile 1396:
         // Zone: localhost. -------------------------------------------------------         // Zone: localhost. -------------------------------------------------------
         include "/etc/named.rfc1912.zones";         include "/etc/named.rfc1912.zones";
 +        include "/etc/named.root.key";
  
         // Zone: home.tachtler.net ------------------------------------------------         // Zone: home.tachtler.net ------------------------------------------------
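Review bot: The added include "/etc/named.root.key"; sits under the "Zone: localhost." banner right after the named.rfc1912.zones include, but it is a key file, not a zone file, and nothing in the hunk says why it is needed at this spot. Give it its own one-line comment here and in the three identical additions at lines 1434, 1494 and 1540, so a reader copying one of these blocks knows the line belongs with it.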
Zeile 1432: Zeile 1434:
         // Zone: localhost. -------------------------------------------------------         // Zone: localhost. -------------------------------------------------------
         include "/etc/named.rfc1912.zones";         include "/etc/named.rfc1912.zones";
 +        include "/etc/named.root.key";
  
         // Zone: home.tachtler.net ------------------------------------------------         // Zone: home.tachtler.net ------------------------------------------------
Zeile 1491: Zeile 1494:
         // Zone: localhost. -------------------------------------------------------         // Zone: localhost. -------------------------------------------------------
         include "/etc/named.rfc1912.zones";         include "/etc/named.rfc1912.zones";
 +        include "/etc/named.root.key";
  
         // Zone: edmz.tachtler.net ------------------------------------------------         // Zone: edmz.tachtler.net ------------------------------------------------
Zeile 1536: Zeile 1540:
         // Zone: localhost. -------------------------------------------------------         // Zone: localhost. -------------------------------------------------------
         include "/etc/named.rfc1912.zones";         include "/etc/named.rfc1912.zones";
 +        include "/etc/named.root.key";
  
         // Zone: tachtler.net (PDMZ) ----------------------------------------------         // Zone: tachtler.net (PDMZ) ----------------------------------------------
Zeile 1552: Zeile 1557:
 // Includes. // Includes.
 // ================================================================================ // ================================================================================
-include "/etc/named.root.key"; 
  
 </code> </code>
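Review bot: Removing the only line under the "// Includes." banner leaves that banner heading an empty section just before the closing </code>, and the diff replaces one top-level include with four copies without giving a reason. Add a short comment noting that /etc/named.root.key is now included in each block above and why, or drop the empty banner.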
Zeile 2506: Zeile 2510:
 <code ini> <code ini>
                 allow-update { key "tachtler.net"; }                 allow-update { key "tachtler.net"; }
 +</code>
 +
 +Für den Inhalt des jeweiligen Zonen-Schlüssels, kann mit nachfolgendem Befehl der Schlüssel ausgegeben werden:
 +<code ini>
 +# cat /etc/Ktachtler.net.+157+19706.private 
 +Private-key-format: v1.3
 +Algorithm: 157 (HMAC_MD5)
 +Key: K3EaOD3IysiC/D7lIXp+4hrYGDLyIq6la9oDBSuH2FMlE4kZ3O1ZFxKS/uS547TN5MHfwG5YvUkYE7gxMHCmCg==
 +Bits: AAA=
 +Created: 20160217132139
 +Publish: 20160217132139
 +Activate: 20160217132139
 +</code>
 +
 +Der Inhalt der Datei sollte dann wie folgt **erweitert** werden:
 +
 +(**Nur relevanter Ausschnitt**)
 +<code ini>
 +...
 +// ================================================================================
 +// Includes.
 +// ================================================================================
 +
 +key "tachtler.net" {
 +    algorithm hmac-md5;
 +    secret "K3EaOD3IysiC/D7lIXp+4hrYGDLyIq6la9oDBSuH2FMlE4kZ3O1ZFxKS/uS547TN5MHfwG5YvUkYE7gxMHCmCg==";
 +};
 +</code>
 +
 +Neu ist hier der Bereich:
 +<code ini>
 +key "tachtler.net" {
 +    algorithm hmac-md5;
 +    secret "K3EaOD3IysiC/D7lIXp+4hrYGDLyIq6la9oDBSuH2FMlE4kZ3O1ZFxKS/uS547TN5MHfwG5YvUkYE7gxMHCmCg==";
 +};
 </code> </code>
  
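Review bot: The added cat output and both key "tachtler.net" blocks print the full TSIG secret of the key named in allow-update { key "tachtler.net"; }, so every reader of the page holds the credential that authorizes dynamic updates to the zone. Replace the Key: and secret values with an obvious placeholder, rotate the key if this one is in use, and add a sentence that the .private file and the file carrying the key block must not be world-readable. The key is also HMAC-MD5 (Algorithm: 157); a newly generated key should use hmac-sha256 instead. Finally, "Der Inhalt der Datei" does not name the file to extend; state its path.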
tachtler/dns_isc_bind_centos_7.txt · Last modified: 2021/11/14 14:51 by klaus