[Opendnssec-user] Step by step Ubuntu 10.10 - signs zone but queries don't work (reformatted)

Derek Brodeur dazednkonfused at gmail.com
Fri Mar 9 05:31:49 UTC 2012


Add ppa repository
sudo add-apt-repository ppa:pkg-opendnssec/ppa
sudo apt-get update
Ubuntu Software center:
sudo apt-get install libldns1
sudo apt-get install rubygems
sudo apt-get install dnsruby
sudo apt-get install ruby-dev
sudo apt-get install libopenssl-ruby
sudo apt-get install sqlite3
sudo apt-get install libsqlite3-dev
sudo apt-get install opendnssec
-------------------------------------------------
sudo apt-get install libbotan-1.10-0
sudo apt-get install softhsm

sudo chmod -R 755 /etc/softhsm
sudo chmod -R 755 /var/lib/softhsm
softhsm --init-token --slot 0 --label OpenDNSSEC
Pw=1234, pw=1234
-------------------------------------------------
sudo chmod -R 755 opendnssec
sudo nano /etc/opendnssec/kasp.xml
Comment out <NSEC3>---through---</NSEC3>
Add <NSEC></NSEC> below it
Go down to <zone> section, change unixtime -> datecounter

sudo nano /etc/opendnssec/conf.xml
Remove comments surrounding the first repository - softHSM
NOTE: tokenlabel value must match what was previously used when
initializing the token (Ex: OpenDNSSEC)
-------------------------------------------------
ods-ksmutil setup
Y at the warning
sudo nano /etc/bind/named.conf.local
In zone example.com add:
allow-transfer { 127.0.0.1;};
sudo rndc reconfig
sudo chmod 755 /var/lib/opendnssec
Copy your unsigned zone file into the unsigned folder
sudo ods-ksmutil zone add --zone example.com
-------------------------------------------------
sudo nano /etc/opendnssec/conf.xml
Remove comment lines surrounding:
“<NotifyCommand>/usr/sbin/rndc reload %zone</NotifyCommand>”
Remove comment lines surrounding:
<Privileges>
<User>opendnssec</User>
<Group>opendnssec</Group>
</Privileges>
cd /etc
sudo chown -R opendnssec:opendnssec opendnssec
cd /var/lib
sudo chown -R opendnssec:opendnssec opendnssec
cd /etc
sudo chmod -R 777 softhsm

-------------------------------------------------
sudo adduser opendnssec softhsm
sudo chown -R opendnssec /var/lib/softhsm/
sudo nano /etc/bind/named.conf.options
Add “dnssec-enable yes;” in the options
Restart bind
sudo ods-ksmutil setup
sudo ods-control start
sudo ods-sign sign example.com

NOTE: At this point the zone in /unsigned gets signed and moved to /tmp, and
/signconf files are also generated. The zone is signed in /signed but still
unable to fill +dnssec queries.
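
The steps above change modes and ownership on the SoftHSM and OpenDNSSEC directories (755, later 777 on /etc/softhsm, with the trees handed to the opendnssec account). The script below is an added example, not part of the original post, that audits the resulting state for world-writable entries and unexpected owners; the function names are hypothetical, and the paths and account name are the ones used in the steps.

```shell
#!/bin/sh
# Added example, not from the original post. Paths and the service account
# name come from the steps in the post; function names are hypothetical.

# List entries under the given paths that any local user can write to
# (what chmod -R 777 produces). Symlinks are skipped: their mode is not used.
find_world_writable() {
    for p in "$@"; do
        [ -e "$p" ] || continue          # path not present on this host
        find "$p" ! -type l -perm -0002 -print
    done
}

# List entries under the given paths that are not owned by the expected
# account (account name or numeric uid).
find_wrong_owner() {
    owner=$1; shift
    for p in "$@"; do
        [ -e "$p" ] || continue
        find "$p" ! -user "$owner" -print
    done
}

# Print one tagged line per finding; return 1 if anything was flagged.
audit_paths() {
    owner=$1; shift
    ww=$(find_world_writable "$@")
    wo=$(find_wrong_owner "$owner" "$@")
    [ -z "$ww" ] || printf '%s\n' "$ww" | sed 's/^/WORLD-WRITABLE /'
    [ -z "$wo" ] || printf '%s\n' "$wo" | sed "s/^/NOT-OWNED-BY-$owner /"
    [ -z "$ww$wo" ]
}

# Audit the directories touched in the post (run as root to see every entry).
audit_paths opendnssec /etc/softhsm /var/lib/softhsm \
    /etc/opendnssec /var/lib/opendnssec ||
    echo "Review the entries listed above." >&2
```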