1,760
edits
Changes
→Investigation 2: Configuring DNSSec on a Recursive Server
*Note that this relies on your server also having the initial key it will use to authenticate the root name servers it communicates with.
*This can be found in /etc/named.root.key.
*These This too are is included by default when you first install bind. If they are it is not there, add the following lines line to your options statement and restart your service:
<source>
include "/etc/named.root.key";
</source>
</li>
<li>Make sure your recursive DNS server is configured to be provide recursive answers to other machines in your network, and that it will allow traffic to udp/tcp port 53.
*All of this should have already been done, so long as you followed the instructions in previous labs, and didn’t deliberately break anything.
</li>
</source>
*Again, note the <b>do </b> and <b>ad </b> flags, along with the RRSIG record (and similar data for the nameservers in the isc.org domain).
</li>
<li>Your server is now able to request DNSSec records from other zones, and authenticate them.</li>