[yadifa-users] DNSSEC Support -Yadifa 1.0.3

[Gery Van Emelen]

Hi,


In the reference manual of 1.0.3 on page 26 you find:
	keys-path

This is the only option that you have to add in your zone section.

There’s also the dnssec-mode option, which you can use to make sure that a zone is NSEC or NSEC3.
This option is there for making sure that yadifad will use the correct mode. For example if it finds in the zone file a NSEC resource record and the mode is NSEC3, yadifad will stop. This option is a fail-safe.


example of a zone section with DNSSEC on NSEC:
<zone>
	type master
	domain somedomain.eu
	file masters/somedomain.eu.zone
	dnssec-mode nsec
	keys-path keys/somaindomain.eu
</zone>

Steps:
1. You still need to add the private part of the keys in the keys-path directory.
2. You have to add the public part of the keys in the zone file.
3. You need to sign the zone file.


Regards,

R&D 

— 
Gery Van Emelen
Senior System Developer
 
EURid
Woluwelaan 150    
1831 Diegem - Belgium
TEL: +32 (0) 2 401 2750
MOB:+32 (0) 478 478 098
Gery.VanEmelen at EURid.eu
http://www.eurid.eu


On 20 Aug 2014, at 13:38, vijay bommareddy <vijayb888 at gmail.com> wrote:

> Hi,
> 
> I'm playing with Yadifa lately and was wondering how to enable DNSSEC. Does Yadifa support DNSSEC? If yes, could anybody guide me how to enable it?
> 
> The reference manual does't have much info on it.
> 
> Thanks in advance
> 
> -- 
> Vijay
> _______________________________________________
> yadifa-users mailing list
> yadifa-users at mailinglists.yadifa.eu
> http://www.yadifa.eu/mailman/listinfo/yadifa-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.yadifa.eu/archives/yadifa-users/attachments/20140820/bdb1cb6b/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 496 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://www.yadifa.eu/archives/yadifa-users/attachments/20140820/bdb1cb6b/attachment.bin