1# 2# README dnssec zone key tool 3# 4# (c) March 2005 - Aug 2014 by Holger Zuleger hznet 5# (c) domaincmp() Aug 2005 by Karle Boss & H. Zuleger (kaho) 6# (c) zconf.c by Jeroen Masar & Holger Zuleger 7# 8 9For more information about the DNSSEC Zone Key Tool please 10have a look at "http://www.hznet.de/dns/zkt/" 11 12You can also subscribe to the zkt-users@sourceforge.net mailing list 13on the following website: https://lists.sourceforge.net/lists/listinfo/zkt-users 14 15The ZKT software is licenced under BSD (see LICENCE file) 16 17To build the software: 18a) Get the current version of zkt 19 $ wget http://www.hznet.de/dns/zkt/zkt-1.1.tar.gz 20 21b) Unpack 22 $ tar xzvf zkt-1.1.tar.gz 23 24c) Change to source directory 25 $ cd zkt-1.1 26 27d) Run configure script 28 $ ./configure 29 30e) Compile 31 $ make 32 33f) Install 34 # make install 35 # make install-man 36 37 38Prepare your setup: 39a) (optional) Install or rebuild the default dnssec.conf file 40 $ zkt-conf -d -w # Install new file 41 or 42 $ zkt-conf -s -w # rebuild existing file 43 44b) (optional) Change default parameters 45 $ zkt-conf -s -O "Zonedir: /var/named/zones" -w 46 or use your prefered editor 47 $ vi /var/named/dnssec.conf 48 (optional) You'll probably want to have zkt-ls work recursively 49 $ zkt-conf -s -O "Recursive: True" -w 50 51c) Prepare one of your zone for zkt 52 $ cd /var/named/zones/net/example.net # change dir to zone directory 53 $ cp <zonefile> zone.db # copy and rename existing zone file to "zone.db" 54 $ zkt-conf -w zone.db # create local dnssec.conf file and include dnskey.db into zone file 55 56d) Prepare for initial signing 57 $ cd /var/named/zones/net/example.net 58 $ touch zone.db.signed 59 $ zkt-signer -v -v -o example.net # -o is ORIGIN (i.e. zone name) 60 61e) Publish your zone 62 @ add `zone.db.signed' as zone file to your name server 63 @ publish DS contained in `dsset-example.net.' at your zone's parent 64 65