DNSSEC Mastery: Securing the Domain Name System with BIND by Michael W Lucas
Author: Michael W Lucas
Language: eng
Format: epub
Tags: security, linux, bind, bsd, dns, dns security extensions, dnssec, domain name system security extensions
Publisher: Tilted Windmill Press
Creating Keys
Up until now we've talked about keys, looked at keys, and generally poked at them. Now let's actually generate some KSKs and ZSKs with dnssec-keygen. You must specify an algorithm by either name or number, the number of bits, and the zone name. If you're creating a key signing key, you must add the flag for that.
By default, dnssec-keygen creates RSA/SHA-1 keys with 1024-bit ZSKs and 2048-bit KSKs. For all other algorithms, you must specify the number of bits. Get into the habit of including the algorithm and bits on the command line or in your scripts. That way, changing defaults over the years won't surprise you.
To create a key signing key, use the -f ksk option. Specify the algorithm with -a, and the number of bits with -b. You can use the algorithm name instead of the number, removing all punctuation from the name (e.g., RSASHA1 or RSASHA256). For RSA/SHA1-NSEC3-SHA1 keys, add the -3 flag instead of the algorithm name. I prefer using the number rather than typing the whole name. Give the name of the zone as the final argument.
$ dnssec-keygen -f KSK -a 8 -b 2048 zonename
For example, to create a KSK for the zone michaelwlucas.com, I would run:
$ dnssec-keygen -f KSK -a 8 -b 2048 michaelwlucas.com
Generating key pair.................................+++ ............................+++
Kmichaelwlucas.com.+008+48082
This generates two files in the current directory, Kmichaelwlucas.com.+008+48082.key and Kmichaelwlucas.com.+008+48082.private.
Generate your ZSK similarly, but reduce the number of bits and remove the KSK flag.
# dnssec-keygen -a 8 -b 1024 zonename
This generates a 1024-bit RSA/SHA-256 ZSK.
Remember that the user running named must have read access to these files, so make that user the owner of these files. Do not make the key files world-readable.
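As an added example (not from the book), this shell function audits a key directory against the two rules above: each key file must be owned by the user running named, and none may be world-readable. The function name audit_dnssec_keys and its arguments are hypothetical, and the owner account is site-specific, so it is passed in rather than assumed.

```shell
#!/bin/sh
# Added example: audit dnssec-keygen output files in a key directory.
# Usage: audit_dnssec_keys <keydir> <owner>
#   <owner> is the account named runs as (site-specific, supplied by the caller).
# Prints one line per finding and returns 1 if anything was flagged.
audit_dnssec_keys() {
    keydir=$1 owner=$2 bad=0
    for priv in "$keydir"/K*.private; do
        [ -e "$priv" ] || continue            # glob matched nothing
        base=${priv##*/}; base=${base%.private}
        # File names have the form K<zone>.+<algorithm>+<keytag>
        tag=${base##*+}
        rest=${base%+*}
        alg=${rest##*+}
        zone=${rest%.+*}; zone=${zone#K}
        label="$zone alg=$alg tag=$tag"
        pub="$keydir/$base.key"
        if [ ! -e "$pub" ]; then
            echo "MISSING  $label: no matching .key file"; bad=1
        fi
        for f in "$priv" "$pub"; do
            [ -e "$f" ] || continue
            # find prints the path only when the test after -prune matches
            if [ -n "$(find "$f" -prune -perm -004)" ]; then
                echo "WORLD-READABLE  $label: $f"; bad=1
            fi
            if [ -z "$(find "$f" -prune -user "$owner")" ]; then
                echo "WRONG-OWNER  $label: $f (expected $owner)"; bad=1
            fi
        done
    done
    return $bad
}
```

Run it as audit_dnssec_keys /path/to/keys nameduser after generating or rolling keys; a non-zero return means at least one file needs chown or chmod.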