- [Show pagesource]
- [Old revisions]
- [[unknown link type]]
- []
This is an old revision of the document!
Table of Contents
Nejdulezitejsi utilita ''dig' se nachazi v debianu v netradicne pojmenovanem baliku bez pomlcky
apt-get install dnsutils
Rozdilne odpovedi na spatne podepsanou (zfalsovanou) domenu www.rhybar.cz
dig +dnssec +multi www.rhybar.cz dig +cd +dnssec +multi www.rhybar.cz
BIND9
- filipika proti prilisnemu vztahu bind9 a rfc
- otazka kdo ma delat replikaci zon?
powerdns
Zneuziti zony pescomnet.cz
Todle me bude stat vice nez jednoho panaka…
dnssec-keygen -a RSASHA1 -b1024 -r /dev/urandom -f KSK pescomnet.cz Kpescomnet.cz.+005+10531 dnssec-keygen -a RSASHA1 -b512 -r /dev/urandom pescomnet.cz Kpescomnet.cz.+005+63687
-rw-r--r-- 1 root bind 212 2014-09-02 22:24 Kpescomnet.cz.+005+10531.key -rw------- 1 root bind 937 2014-09-02 22:24 Kpescomnet.cz.+005+10531.private -rw-r--r-- 1 root bind 126 2014-09-02 22:26 Kpescomnet.cz.+005+63687.key -rw------- 1 root bind 549 2014-09-02 22:26 Kpescomnet.cz.+005+63687.private
Klice pridame do bezneho zonoveho souboru
cat Kpescom*key >> pescomnet.cz
A podepiseme:
dnssec-signzone pescomnet.cz Verifying the zone using the following algorithms: RSASHA1. Zone signing complete: Algorithm: RSASHA1: ZSKs: 1, KSKs: 1 active, 0 revoked, 0 stand-by pescomnet.cz.signed
linux/skoleni/dns.1409692249.txt.gz · Last modified: 2014/09/02 23:10 by admin