Confirmed users
304
edits
Security/DNSSEC-TLS-nginx: Difference between revisions
no edit summary
No edit summary |
No edit summary |
||
| Line 5: | Line 5: | ||
# Install and set up bind9: | # Install and set up bind9: | ||
## 'apt-get install bind' or bind9 or something | ## 'apt-get install bind' or bind9 or something | ||
## Set up keys and zone files (see [https://www.dnssec-tools.org/wiki/index.php/Sign_Your_Zone here]) | ## Set up keys and zone files (see [https://www.dnssec-tools.org/wiki/index.php/Sign_Your_Zone here]) (NB: for testing purposes, you'll probably want to create an entire fake hierarchy, including root keys. Whatever your root key is, it'll have to be trusted by your client program. For firefox, this means modifying root_keys in security/dnssec/rootkeys.h (the plural there is unintentional and should probably be changed)). | ||
## Make a self-signed certificate | ## Make a self-signed certificate | ||
## Make a TLSA record using [http://hg.mozilla.org/users/dkeeler_mozilla.com/dnssec-tls/file/tip/cert2dane.sh cert2tlsa.sh] (and put this in your zone file) | ## Make a TLSA record using [http://hg.mozilla.org/users/dkeeler_mozilla.com/dnssec-tls/file/tip/cert2dane.sh cert2tlsa.sh] (and put this in your zone file) | ||