Dnssec配置命令:
dnssec-keygen -a DSA -b 768 -n ZONE secv6.your.domain
dnssec-signzone -o secv6.your.domain secv6.your.domain
说明:DNSSEC主要依靠公钥技术对于包含在DNS中的信息创建密码签名。密码签名通过计算出一个密码hash数来提供DNS中数据的完整性,并将该hash 数封装进行保护。私/公钥对中的私钥用来封装hash数,然后可以用公钥把hash数译出来。如果这个译出的hash值匹配接收者刚刚计算出来的hash树,那么表明数据是完整的。不管译出来的hash数和计算出来的hash数是否匹配,对于密码签名这种认证方式都是绝对正确的,因为公钥仅仅用于解密合法的hash数,所以只有拥有私钥的拥有者可以加密这些信息。
文件清单3 var/named/master/localhost.zone
| // localhost.zone Allows for local communications // using the loopback interface $TTL 86400 $ORIGIN localhost. @ 1D IN SOA @ root ( 42 ; serial (d. adams) 3H ; refresh 15M ; retry 1W ; expire 1D ) ; minimum 1D IN NS @ 1D IN A 127.0.0.1 |
文件清单4 /var/named/master/localhost.rev
| // localhost.rev Defines reverse DNS lookup on // loopback interface $TTL 86400 $ORIGIN 0.0.127.in-addr.arpa. @ IN SOA 0.0.127.in-addr.arpa. hostmaster.secv6.your.domain. ( 42 ; Serial number (d. adams) 3H ; Refresh 15M ; Retry 1W ; Expire 1D ) ; Minimum NS ns.secv6.your.domain. MX 10 noah.ip6.your.domain. PTR localhost. |
文件清单5 /var/named/master/secv6.rev
| // secv6.rev Defines reverse lookup for secv6 // domain in A6 format $TTL 86400 $ORIGIN secv6.arpa. @ IN SOA secv6.arpa. hostmaster.secv6.your.domain. ( 2002011442 ; Serial number (yyyymmdd-num) 3H ; Refresh 15M ; Retry 1W ; Expire 1D ) ; Minimum NS ns.secv6.your.domain. MX 10 noah.your.domain. ; fec0:0:0:1::/64 $ORIGIN \[xfec0000000000001/64].secv6.arpa. \[x0250b7fffe1435d0/64] 1D IN PTR pc2.secv6.your.domain. \[x0250b9fffe000131/64] 1D IN PTR pc3.secv6.your.domain. \[x0250b7fffe143617/64] 1D IN PTR pc6.secv6.your.domain. \[x0250b7fffe1435c4/64] 1D IN PTR pc4.secv6.your.domain. \[x0250b7fffe14361b/64] 1D IN PTR pc5.secv6.your.domain. \[x0250b7fffe14365a/64] 1D IN PTR pc7.secv6.your.domain. \[x0250b9fffe00012e/64] 1D IN PTR pc1.secv6.your.domain. |
文件清单6. /var/named/master/secv6.int
| // secv6.int Defines reverse lookup for secv6 // domain in AAA format $TTL 86400 $ORIGIN secv6.int. @ IN SOA secv6.int. hostmaster.secv6.your.domain. ( 2002011442 ; Serial number (yyyymmdd-num) 3H ; Refresh 15M ; Retry 1W ; Expire 1D ) ; Minimum NS ns.secv6.your.domain. MX 10 noah.your.domain. ; fec0:0:0:1::/64 $ORIGIN 1.0.0.0.0.0.0.0.0.0.0.0.0.c.e.f.secv6.int. 0.d.5.3.4.1.e.f.f.f.7.b.0.5.2.0 IN PTR pc2.secv6.your.domain. e.2.1.0.0.0.e.f.f.f.9.b.0.5.2.0 IN PTR pc1.secv6.your.domain. 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0 IN PTR pc1.secv6.your.domain. 1.3.1.0.0.0.e.f.f.f.9.b.0.5.2.0 IN PTR pc3.secv6.your.domain. 7.1.6.3.4.1.e.f.f.f.7.b.0.5.2.0 IN PTR pc6.secv6.your.domain. 4.c.5.3.4.1.e.f.f.f.7.b.0.5.2.0 IN PTR pc4.secv6.your.domain. b.1.6.3.4.1.e.f.f.f.7.b.0.5.2.0 IN PTR pc5.secv6.your.domain. |
【责编:Zenghui】 |
相关文章
相关产品和培训
文章评论
专题推荐
今日更新
认证培训
频道精选
您现在的位置: 
佚名 
2008-4-25 
