<div style>Add ppa repository</div><div style>sudo add-apt-repository ppa:pkg-opendnssec/ppa</div><div style>sudo apt-get update</div><div style>Ubuntu Software center:</div><div style>Sudo apt-get install libldns1</div><div style>
Sudo apt-get install rubygems</div><div style>Sudo apt-get install dnsruby</div><div style>Sudo apt-get install ruby-dev</div><div style>Sudo apt-get install libopenssl-ruby</div><div style>Sudo apt-get install sqlite3</div>
<div style>Sudo apt-get install Libsqlite3-dev</div><div style>Sudo apt-get install opendnssec</div><div style>-------------------------------------------------</div><div style>Sudo apt-get install libbotan-1.10-0</div><div style>
Sudo apt-get install sofths</div><div style><br></div><div style>Sudo chmod –R 755 /etc/softhsm</div><div style>Sudo chmod –R 755 /var/lib/softhsm</div><div style>softhsm --init-token --slot 0 --label OpenDNSSEC</div><div style>
Pw=1234, pw=1234</div><div style>-------------------------------------------------</div><div style>Sudo chmod –R 755 opendnssec</div><div style>Sudo nano /etc/opendnssec/kasp.xml</div><div style>Comment out <NSEC3>---through---</NSEC3></div>
<div style>Add <NSEC></NSEC> below it</div><div style>Go down to <zone> section, change unixtime ? datecounter</div><div style><br></div><div style>Sudo nano /etc/opendnssec/conf.xml</div><div style>Remove comments surrounding the first respository - softHSM</div>
<div style>NOTE: tokenlabel value must match what was previously used when initializing the token (Ex: OpenDNSSEC)</div><div style>-------------------------------------------------</div><div style>Ods-ksmutil setup</div><div style>
Y at the warning</div><div style>Sudo nano /etc/bind/named.conf.local</div><div style>In zone <a href="http://example.com/" target="_blank" style="color:rgb(17,85,204)">example.com</a> add:</div><div style>Allow-transfer { 127.0.0.1;};</div>
<div style>Sudo rndc reconfig</div><div style>Sudo chmod 755 /var/lib/opendnssec</div><div style>Copy your unsigned zone file into the unsigned folder</div><div style>sudo ods-ksmutil zone add --zone <a href="http://example.com/" target="_blank" style="color:rgb(17,85,204)">example.com</a></div>
<div style>-------------------------------------------------</div><div style>Sudo nano /etc/opendnssec/conf.xml</div><div style>Remove comment lines surrounding:</div><div style>“<NotifyCommand>/usr/sbin/rndc reload %zone</NotifyCommand>”</div>
<div style>Remove comment lines surrounding:</div><div style><Privileges></div><div style><span style="white-space:pre-wrap"> </span><User>opendnssec</User></div><div style><span style="white-space:pre-wrap"> </span><Group>opendnssec</Group></div>
<div style></Privileges></div><div style>Cd /etc</div><div style>Sudo chown –R opendnssec:opendnssec opendnssec</div><div style>Cd /var/lib</div><div style>Sudo chown –R opendnssec:opendnssec opendnssec</div><div style>
cd /etc</div><div style>Sudo chmod –R 777 softhsm</div><div style><br></div><div style>-------------------------------------------------</div><div style>Sudo adduser opendnssec softhsm</div><div style>Sudo chown -R opendnssec /var/lib/softhsm/</div>
<div style>Sudo nano /etc/bind/named.conf.options</div><div style>Add “dnssec-enable yes;” in the options</div><div style>Restart bind</div><div style>Sudo ods-ksmutil setup</div><div style>Sudo ods-control start</div><div style>
Sudo ods-sign sign <a href="http://example.com/" target="_blank" style="color:rgb(17,85,204)">example.com</a></div><div style><br></div><div style>NOTE: At this point zone in /unsigned gets signed and move to /tmp and /signconf files are also generated. The zone is signed in /signed but still unable to fill +dnssec queries.<br>
</div>