Hi ALL.
I am embarrassed because of "DLV DNSSEC" correspondence of nsd.
I
1.Make Keys "KSK"
$ dnssec-keygen -r /dev/urandom -f KSK -a RSASHA256 -b 2048 -n ZONE hoge.fuga > ksk-hoge.fuga
2.Make Keys "ZSK"
$ dnssec-keygen -r /dev/urandom -a RSASHA256 -b 1024 -n ZONE hoge.fuga > zsk-hoge.fuga
3.ZSK.key is registered in https://dlv.isc.org/.
Return
dlv.hoge.fuga. 0 IN TXT "DLV:1:*******"
4.Write hoge.fuga.zone
Hi ALL.
I am embarrassed because of "DLV DNSSEC" correspondence of nsd.
I
1.Make Keys "KSK"
$ dnssec-keygen -r /dev/urandom -f KSK -a RSASHA256 -b 2048 -n ZONE hoge.fuga > ksk-hoge.fuga
2.Make Keys "ZSK"
$ dnssec-keygen -r /dev/urandom -a RSASHA256 -b 1024 -n ZONE hoge.fuga > zsk-hoge.fuga
3.ZSK.key is registered in https://dlv.isc.org/.
Return
dlv.hoge.fuga. 0 IN TXT "DLV:1:*******"
4.Write hoge.fuga.zone
a message of 50 lines which said:
6. Write nsd.conf
-----------------------------------
key:
name: mskey
algorithm: ???
secret: "???"
I'm not sure I understand your question. Once the zone file is signed,
nsd has nothing more to do. (My personal zone is signed, inserted into
ISC DLV and served with NSD 3.)
The 'key:' block has nothing to do with DNSSEC and it is there just to
describe TSIG keys (typically used to secure zone transfers).
Thanks Stephane!
I had made a mistake NO.4 NO.5
I was able to confirm "Status=Good" by ISC's DLV Registry.
4.Write hoge.fuga.zone