[Opendnssec-user] Instalation notes for OpenDNSSEC 1.0a3 on Ubuntu server 8.04.3

Antoin Verschuren Antoin.Verschuren at sidn.nl
Thu Sep 10 10:16:52 UTC 2009

Hash: SHA256

Hi All,

I thought some of you might be interested in my installation notes getting OpenDNSSEC running.
As a typical non-experienced-developer and non-experienced-sysadmin, I managed to get things running.
I've made some additions compared to the current user guide that may be difficult to guess for dummies like me.
Please find the notes attached, I'll discuss with the team if/how we could get these in the user manual.

I have some remarks/questions though:

This was the first time I used OpenDNSSEC to actually sign anything with NSEC3.
Compared to Bind's dnssec-signzone I previously used to sign with NSEC, I see some differences.
Please forgive my ignorant questions:

- -I don't see any commenting of the key-id's in the resulting signed zone for the DNSKEY records.
Though not needed for things to work, I think this is handy for bug tracing. 
Is this an option, or not considered to be implemented at all ?

- -dnssec-signzone signs the DNSKEY RR-set with both KSK as ZSK.
I see in my result from OpenDNSSEC over the DNSKEY RR-set only one RRSIG, assuming that this is the signature from the KSK since the key-id is different from all the other RRSIG's.
Is this difference in behavior documented anywhere ?

Antoin Verschuren

Technical Policy Advisor SIDN
Utrechtseweg 310, PO Box 5022, 6802 EA Arnhem, The Netherlands

P: +31 26 3525500  F: +31 26 3525505  M: +31 6 23368970
mailto:antoin.verschuren at sidn.nl  xmpp:antoin at jabber.sidn.nl  http://www.sidn.nl/

Version: 9.6.3 (Build 3017)


-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: opendnssecnotes20090909.txt
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20090910/d5f7d415/attachment.txt>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: opendnssecnotes20090909.txt.sig
Type: application/octet-stream
Size: 486 bytes
Desc: not available
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20090910/d5f7d415/attachment.obj>

More information about the Opendnssec-user mailing list