Čia matote skirtumus tarp pasirinktos versijos ir esamo dokumento.
Both sides previous revision Previous revision Next revision | Previous revision | ||
dnssec [2014/06/30 13:42] dalius |
dnssec [2014/08/05 13:46] (esamas) |
||
---|---|---|---|
Linija 1: | Linija 1: | ||
- | * dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE example.com | + | <code> |
- | * dnssec-keygen -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE example.com | + | dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE example.com |
- | * | + | dnssec-keygen -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE example.com |
- | * for key in `ls Kexample.com*.key` | + | |
- | * do | + | for key in `ls Kexample.com*.key` |
- | * echo "\$INCLUDE $key">> example.com.zone | + | do |
- | * done | + | echo "\$INCLUDE $key">> example.com.zone |
- | * | + | done |
- | * | + | |
- | * dnssec-signzone -3 <salt> -A -N INCREMENT -o <zonename> -t <zonefilename> | + | |
- | * dnssec-signzone -A -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N INCREMENT -o example.com -t example.com.zone | + | dnssec-signzone -3 <salt> -A -N INCREMENT -o <zonename> -t <zonefilename> |
+ | dnssec-signzone -A -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N INCREMENT -o example.com -t example.com.zone | ||
+ | |||
+ | TLSA $ openssl x509 -noout -fingerprint -sha256 < /path/to/your/certificate/file | tr -d : | ||
+ | |||
+ | https://www.huque.com/bin/gen_tlsa | ||
+ | </code> |