Hello, good afternoon. My first post in this list :)

I've been running BIND Chroot for many years (currently version 9.8.2) on some old hardware running Oracle Linux 6. I believe it was last year when I was reading about implementing DNSSEC, and I think I even tried to generate a key pair on the slowest server, which after more than a day wasn't ready yet. Maybe I was doing something wrong, I honestly don't know. So now I've had some time and am reading about this again.

If I query either of my servers about my domain:

    dig @dns di.ubi.pt DNSKEY

I do get the DNSKEY, but I have no records when querying about +dnssec. My topdomain (ubi.pt) doesn't have DNSSEC yet either.

My named.conf already has the following:

    dnssec-enable yes;
    dnssec-validation auto;
    dnssec-lookaside auto;
    bindkeys-file "/etc/named.iscdlv.key";
    managed-keys-directory "/var/named/dynamic";

Outside the configuration file I also have a /etc/named.root.key

My questions:

1) Will my old servers (1GB RAM) become much slower with DNSSEC? Is it worth it?
2) I have one global "hosts" file and 3 reverse zone files, each for the respective IP network. Can I use the same key pair in all of them?
3) Are the files /etc/named.root.key and /etc/named.iscdlv.key already being used? I compared them to the result of the DNSKEY dig query but they are different.

Thank you so much for your time!

Best regards
David Alexandre M. de Carvalho
---------------------------------------
IT Specialist
Department of Informatics
Universidade da Beira Interior