DNSSEC: Difference between revisions

https://zytrax.com/books/dns/

whois islief.com
dig +short NS islief.com
dig +short SOA islief.com

dig +short DS islief.com
dig +short DNSKEY islief.com

dig +short A islief.com
dig +short AAAA islief.com

dig +short MX islief.com

https://www.iana.org/domains/root/servers

https://root-servers.org/

dig +trace +all www.islief.com
dig com @f.root-servers.net
dig islief.com @g.gtld-servers.net

dnssec-settime -I +172800 -D +345600 Kjanmg.com.+005+12332.key
dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE janmg.com
dig A janmg.com. @localhost +noadditional +dnssec +multiline

https://www.digitalocean.com/community/tutorials/how-to-setup-dnssec-on-an-authoritative-bind-dns-server--2 https://manager.linode.com/dns/domain%5Fslave/janmg%2Ecom

cd /var/bind/
dnssec-keygen -a NSEC3RSASHA1 -b 4096 -n ZONE janmg.com
dnssec-settime -I +172800 -D +345600 Kjanmg.com.+005+12332.key
dig A janmg.com. @localhost +noadditional +dnssec +multiline
dnssec-keygen -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE janmg.com
sudo vi /etc/bind/zone/janmg.com
sudo service named restart
dnssec-signzone -A -3 $(head -c 1000 /dev/urandom | sha256sum | cut -b 1-16) -N INCREMENT -o janmg.com -t /etc/bind/zone/janmg.com
sudo dnssec-signzone -A -3 $(head -c 1000 /dev/urandom | sha256sum | cut -b 1-16) -N INCREMENT -o janmg.com -z -t /etc/bind/zone/janmg.com

cat /etc/bind/zone/janmg.com

SERIAL=$(/usr/sbin/named-checkzone janmg.com /etc/bind/zone/janmg.com | egrep -ho '[0-9]{10}')
DATE=$(date -u +"%Y%m%d")
if [[ "${SERIAL}" =~ "${DATE}".* ]];
then 
 sed -i 's/'$SERIAL'/'$(($SERIAL+1))'/' /etc/bind/zone/janmg.com
else
 sed -i 's/'$SERIAL'/'${DATE}01'/' /etc/bind/zone/janmg.com
fi

chown named:named /var/bind/K*
chown named:named /etc/bind/zone
tail -f /var/log/named/janmg.log 

sudo dnssec-dsfromkey -2 -f /etc/bind/zone/janmg.com.signed janmg.com

https://account.dyn.com/dns/domain-registration/dnssec.html?name=janmg.com

dig A janmg.com. +noadditional +dnssec +multiline

https://dnssec-debugger.verisignlabs.com/janmg.com