Hello Richard. Thank you very much. Yesterday I accessed a website that talks about KASP. Basically it's creating a policy and I think I'll study it, I think the use of policies is the future of bind9.
Thanks for your return. Em seg., 12 de jun. de 2023 às 14:57, Richard T.A. Neal < [email protected]> escreveu: > Hi Daniel, > > > > I also wrote a Beginner’s Guide for DNSSEC using BIND9 here: > > https://www.talkdns.com/articles/a-beginners-guide-to-dnssec-with-bind-9/ > > > > I hope that helps, > > > > Richard. > > > > *From:* dns-operations <[email protected]> *On Behalf > Of *daniel majela > *Sent:* Monday, June 12, 2023 2:37 PM > *To:* [email protected] > *Subject:* [dns-operations] (no subject) > > > > Hello... > My name is Daniel Majela and if possible I would like some help to > implement DNNSEC on my servers. > > Today I have 3 recursive and authoritative servers. > My external authoritative zones are copied to 2 DNS servers that are in > the DMZ. > > My first question is if there is a step by step way to implement dhssec > using bind9 9.16.23-RH? > > What is the best algorithm for ksk and zsk? > > Is there, after generating the ksk and zsk keys, automatic rollover of > keys and automatic signature of zones from the point of view that technical > interaction is no longer necessary for this? > > An example: > Zone ....example.com.br signed! > Zona....one.example.com.br ( to sign this zone ) I need to copy something > inside the zone because it is a daughter of the example.com.br zone. > > Thanks. > > > > > > -- > > Daniel Majela Galvão > http://br.linkedin.com/pub/daniel-souza/6/1b1/774 > > (55-012) - 9-8201-9885 > (55-012) - 9-9761-1511 > (55-012) - 32076909 > -- Daniel Majela Galvão http://br.linkedin.com/pub/daniel-souza/6/1b1/774 (55-012) - 9-8201-9885 (55-012) - 9-9761-1511 (55-012) - 32076909
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
