Manualshelf

Operation Manual

ManualsBrandsSuse ManualsSoftwareopenSUSE 12.2
321322323324325326327328329330
15.9 DNS Security
DNSSEC, or DNS security, is described in RFC 2535. The tools available for DNSSEC
are discussed in the BIND Manual.
A zone considered secure must have one or several zone keys associated with it. These
are generated with dnssec-keygen, just like the host keys. The DSA encryption
algorithm is currently used to generate these keys. The public keys generated should
be included in the corresponding zone le with an $INCLUDE rule.
With the command dnssec-signzone, you can create sets of generated keys
(keyset- les), transfer them to the parent zone in a secure manner, and sign them.
This generates the les to include for each zone in /etc/named.conf.
15.10 For More Information
For additional information, refer to the BIND Administrator Reference Manual from
package bind-doc, which is installed under /usr/share/doc/packages/
bind/. Consider additionally consulting the RFCs referenced by the manual and the
manual pages included with BIND. /usr/share/doc/packages/bind/README
.SuSE contains up-to-date information about BIND in openSUSE.
The Domain Name System 311