Looking for a Bind 9.16 DNSSEC tutorial

ohreally · Sep 13, 2021

Hello everyone.

Could someone recommend a good tutorial on setting up DNSSEC with Bind 9.16?
ISC appears to change the entire process with every minor version update of 9.x, but can't seem to be bothered to decently document it.
And the tutorials I've found so far are outdated and/or incomplete.

I'd like to learn

how to set up a primary DNS server for example.com, with DNSSEC
how to set up a secondary DNS server for example.com, with DNSSEC
how to generate the data that I need to send to my registrar (DS + DNSKEY)
what to do if I need to add/delete/modify a record

I've read somewhere that all I need to do is add "dnssec-policy default;" to the zone, but if I do, my secondary won't pick up any changes, so there must be more to it.

So I'd really appreciate a step-by-step guide, if anyone knows one.

Thanks in advance.

Rob

DutchDaemon · Sep 13, 2021

This should get you well on your way.

ohreally · Sep 13, 2021

Thanks, I'll look at that.
But it is over 7 years old, so if anyone has anything more recent...
The way Bind develops currently, I'm kind of afraid to end up with a configuration that's obsolete as soon as I type :wq ...

jasonhirsh · Nov 18, 2023

ok its been a couple of years... the reference guide doesn't really seem appropriate to FreeBSD. The specified file location are off even more the the usual translate from /etc. to /usr/locate/etc...

Datapanic · Nov 18, 2023

This one is okay: https://bind9.readthedocs.io/en/latest/dnssec-guide.html

Looking for a Bind 9.16 DNSSEC tutorial

ohreally

DutchDaemon

Administrator

ohreally

jasonhirsh

Datapanic