> 1. Generated KSK and ZSK > 2. Add both of keys at the end of my zone file > 3. signing my zone with dnssec-signzone command > 4. enable dnssec in named options > 5. change the name of my zone in the named by namezone.signed > 6. I got the root DNSKEY RR set before with dig command and redirect the > outpout in root-dnskey file > 7. I turned the DNSKEY into DS RR set also, with dnssec-dsfromkey command.
Also consider simplifying the process as follows: 1. Generate KSK and ZSK, setting timing metadata so that they are published and active. See dnssec-keygen and dnssec-settime. 2. Place the key files in a key directory on your server. 3. Add to your zone configuration: key directory "<path to key files>"; auto-dnssec maintain; 4. Generate DS records and provide them to your registrar. Jeffry A. Spain Network Administrator Cincinnati Country Day School _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users