[Berlin-wireless] ignition stage 1

Marlen Caemmerer nosy at c-base.org
Thu Apr 18 23:00:42 CEST 2024


Hey,

since I added DNSSEC, and this is the first time I did this:

I read https://bind9.readthedocs.io/en/latest/dnssec-guide.html

But I basically had to add 2 lines of config.

This is the complete named.conf section:

zone "freifunk.net" {
         type master;
         file "/etc/bind/db.freifunk.net";
         notify yes;
         allow-transfer { weimarnetz; werner; ffmuc; };
         dnssec-policy default;
         inline-signing yes;
};


I added the last two lines, restarted bind and issued rndc reconfig.

The secondary DNS servers don't need any configuration.

Since I read you need entropy I installed haveged before doing this.

It is a default Debian stable.
If I have to update records it is: edit the zone, update the serial as usual, do rndc reload.

After this you have to find the place where you tell your domain provider to update the DS Key for the registrar (here I guess ICANN for .net).

I tested with dnsviz.net.

Thanks Adam for answering all the questions I had before I felt able to do this.



Cheers
 	nosy
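
Added example, not part of the original post: the DS record handed to the domain provider is a hash of the zone's DNSKEY, so it can be recomputed locally and compared with what the parent zone publishes. The function names are hypothetical and the key is a constructed placeholder with algorithm 13 (ECDSA P-256, assumed here as what BIND's built-in "default" policy generates); it is not the real freifunk.net key.

```python
import base64
import hashlib

def name_to_wire(name: str) -> bytes:
    """Owner name in canonical (lowercase) DNS wire format."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def key_tag(rdata: bytes) -> int:
    """Key tag over the DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_record(owner: str, dnskey: str) -> str:
    """DS (digest type 2, SHA-256) for a DNSKEY given as 'flags proto alg base64'."""
    flags, protocol, algorithm, *key_parts = dnskey.split()
    if int(protocol) != 3:
        raise ValueError("DNSKEY protocol field must be 3")
    key = base64.b64decode("".join(key_parts), validate=True)
    # RDATA layout: flags (2 bytes) | protocol (1) | algorithm (1) | public key
    rdata = int(flags).to_bytes(2, "big") + bytes([3, int(algorithm)]) + key
    # DS digest = SHA-256(owner name in wire format | DNSKEY RDATA)
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()
    return f"{owner} IN DS {key_tag(rdata)} {algorithm} 2 {digest}"

# Constructed sample: 64 placeholder bytes standing in for a P-256 public key.
SAMPLE_KEY = base64.b64encode(bytes(range(64))).decode()
SAMPLE_DNSKEY = f"257 3 13 {SAMPLE_KEY}"

if __name__ == "__main__":
    print(ds_record("freifunk.net.", SAMPLE_DNSKEY))
```

With the zone's real DNSKEY fields pasted in, the key tag and digest printed here should equal the DS record the parent zone serves once the provider has published it.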


