Hello, good afternoon.
My first post in this list :)
I've been running BIND Chroot for many years (currently version 9.8.2) on some old hardware running Oracle Linux 6.
I believe it was last year when I was reading about implementing DNSSEC, and I think I even tried to generate a keypair on the slowest server, which after more than a day wasn't ready yet. Maybe I was doing something wrong, I honestly don't know. So now I had some time and am reading about this again.
If I query either of my servers about my domain:
dig @dns di.ubi.pt DNSKEY
I do get the DNSKEY, but I have no records when querying with +dnssec. My topdomain (ubi.pt) doesn't have DNSSEC yet either.
My named.conf already has the following:
dnssec-enable yes;
dnssec-validation auto;
dnssec-lookaside auto;
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
Outside the configuration file I also have a /etc/named.root.key file.
My questions:
1) Will my old servers (1GB RAM) become much slower with DNSSEC? Is it worth it?
2) I have one global "hosts" file and 3 reverse zone files, each for the respective IP network. Can I use the same keypair in all of them?
3) Are the files /etc/named.root.key and /etc/named.iscdlv.key already being used? I compared them to the result of the DNSKEY dig query but they are different.
Thank you so much for your time!
Best regards
David Alexandre M. de Carvalho
---------------------------------------
IT Specialist
Departamento de Informática
Universidade da Beira Interior