Faster entropy
After haveged is installed, /proc/sys/kernel/random/entropy_avail should return something above 1000.
yum install -y epel-release
yum install -y rng-tools haveged
systemctl enable haveged.service
systemctl start haveged.service
systemctl status haveged.service
cat /proc/sys/kernel/random/entropy_avail
cat /dev/random | rngtest -c 1000
Source: NixCraft
Create directory for Keys
mkdir /var/named/keys/
chown root:named /var/named/keys/
chmod u=rwx,g=rx,o= /var/named/keys/
cd /var/named/keys/
Create a Zone Signing Key (ZSK)
cd /var/named/keys/
dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE petabyte.se
Source: DigitalOcean
Create a Key Signing Key (KSK)
cd /var/named/keys/
dnssec-keygen -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE petabyte.se
What is ZSK / KSK
Add public ZSK and KSK to zone file.
Add the paths to the public key files to the end of your zone file.
echo "\$INCLUDE keys/Kpetabyte.se.+007+42528.key" >> se.petabyte
echo "\$INCLUDE keys/Kpetabyte.se.+007+55208.key" >> se.petabyte
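Added example, not part of the original page: the two echo lines above hard-code key tags and append a duplicate $INCLUDE each time they are rerun. This sketch builds the lines from the key files found in keys/, reads the DNSKEY flags field (256 = ZSK, 257 = KSK) to confirm both keys exist, and appends only lines that are missing. The function names, the key tags 11111/22222 and the key data in the demo are constructed.

```shell
#!/bin/sh
# Added example; key tags and key data below are constructed, not real keys.

# key_role FILE: print ZSK (DNSKEY flags 256) or KSK (flags 257).
key_role() {
    flags=$(awk '!/^;/ { for (i = 1; i < NF; i++) if ($i == "DNSKEY") { print $(i + 1); exit } }' "$1")
    case "$flags" in
        256) echo ZSK ;;
        257) echo KSK ;;
        *) echo "unexpected DNSKEY flags '$flags' in $1" >&2; return 1 ;;
    esac
}

# append_includes ZONE KEYDIR ZONEFILE
# Assumes ZONEFILE sits in the parent of KEYDIR, as on this page.
# Nothing is written unless both a ZSK and a KSK are present.
append_includes() {
    zone=$1 keydir=$2 zonefile=$3 have_zsk=0 have_ksk=0 lines=
    for key in "$keydir"/K"$zone".+*.key; do
        [ -f "$key" ] || continue
        role=$(key_role "$key") || return 1
        case "$role" in ZSK) have_zsk=1 ;; KSK) have_ksk=1 ;; esac
        lines="$lines\$INCLUDE $(basename "$keydir")/$(basename "$key")
"
    done
    if [ "$have_zsk$have_ksk" != 11 ]; then
        echo "need both a ZSK and a KSK for $zone" >&2
        return 1
    fi
    # Append only the lines the zone file does not already contain.
    printf '%s' "$lines" | while IFS= read -r line; do
        grep -qxF -e "$line" "$zonefile" || printf '%s\n' "$line" >> "$zonefile"
    done
}

demo() {
    d=$(mktemp -d) && mkdir "$d/keys" || return 1
    printf '%s\n' '; constructed' 'petabyte.se. IN DNSKEY 256 3 7 AAAA' \
        > "$d/keys/Kpetabyte.se.+007+11111.key"
    printf '%s\n' 'petabyte.se. 3600 IN DNSKEY 257 3 7 BBBB' \
        > "$d/keys/Kpetabyte.se.+007+22222.key"
    printf '%s\n' '$TTL 3600' > "$d/se.petabyte"
    append_includes petabyte.se "$d/keys" "$d/se.petabyte" &&
        append_includes petabyte.se "$d/keys" "$d/se.petabyte" &&
        cat "$d/se.petabyte"   # rerun adds nothing: two $INCLUDE lines
    rm -rf "$d"
}
demo
```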
Sign zonefile
dnssec-signzone -A -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N INCREMENT -o petabyte.se -t se.petabyte