So, recently I had to update some stuff in my zone and I kept wondering why they weren’t picked up on the internet.
\nI just remembered that I have DNSSEC enabled. So I need to do something .. not just change the .zone file.<\/p>\n
The line needed to regenerate the .signed zone based on my clear text zone is:<\/p>\n
I should probably get the time to make a post on how to actually generate the signing keys and stuff. A nice tutorial I’ve used is How To Setup DNSSEC on an Authoritative BIND DNS Server<\/a><\/p>\n","protected":false},"excerpt":{"rendered":" So, recently I had to update some stuff in my zone and I kept wondering why they weren’t picked up on the internet. I just remembered that I have DNSSEC enabled. So I need to do something .. not just change the .zone file. The line needed to regenerate the .signed zone based on my … Continue reading Signing a DNS ISC bind \/ named zone for DNSSEC<\/span>
\ndnssec-signzone -A -3 $(head -c 1000 \/dev\/urandom | sha1sum | cut -b 1-16) -N INCREMENT -o asandu.eu -t asandu.eu.zone
\n<\/code><\/p>\n
\nBasically, I have my KSK ( Key signing key ) and ZSK ( Zone signing key ) public and private key in the zone dir with the right permissions. The above overwrites the old signed zone.<\/p>\n