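# Hardening BIND zone transfers (IP ACL, then TSIG) and signing a zone with
# DNSSEC. Commands run as root; named.conf fragments are shown as comments
# because they belong in BIND's configuration, not in the shell.

# --- 1. Zone transfers restricted by source address ------------------------
# named.conf on the master (the slave is 10.0.2.15):
#   allow-transfer { 10.0.2.15; };
# named.conf on the slave (nobody may transfer from it):
#   allow-transfer { none; };
# An address ACL alone trusts the source IP, so step 2 replaces it with a
# TSIG key.

# --- 2. Zone transfers authenticated with a TSIG key -----------------------
# haveged feeds the kernel entropy pool so key generation does not stall.
apt-get install -y haveged

cd /etc/bind || exit 1

# The key name must match the name used in named.conf below. The page
# generated "masterslave.example.com" but referenced
# "master-slave.example.com." in every config clause; one spelling is used
# here. HMAC-MD5 is deprecated for TSIG, so the key is HMAC-SHA256 instead.
# Newer BIND releases dropped HMAC support from dnssec-keygen in favour of
# tsig-keygen; use that tool there.
dnssec-keygen -a HMAC-SHA256 -b 256 -n HOST master-slave.example.com.

# The page shows `cat > transfer.conf` without the file body. The file
# carries the TSIG key clause; expected shape (the secret below is a
# labelled placeholder, copy the real one from the generated K*.private
# file):
#   key "master-slave.example.com." {
#     algorithm hmac-sha256;
#     secret "<BASE64_SECRET_FROM_PRIVATE_KEY_FILE>";
#   };
# transfer.conf and the K*.private file hold the shared secret: keep them
# readable only by root and the account named runs as, and copy the file to
# the other server over an authenticated channel.

# named.conf on the master: only holders of the key may transfer.
#   allow-transfer { key master-slave.example.com.; };
#
# named.conf, loading the key and binding it to the master (10.0.2.4).
# NOTE(review): the page does not label which host these two clauses belong
# to; the server clause presumably goes on the slave. The file was created
# under /etc/bind above but is included from /etc/transfer.conf; confirm
# the path.
#   include "/etc/transfer.conf";
#   server 10.0.2.4 { keys { master-slave.example.com.; }; };
#
# The page's transfer check survives only as `... @10.0.2.4 -k transfer.conf`;
# presumably a dig zone-transfer query against the master authenticated with
# the key file. TODO confirm the full command. An unauthenticated transfer
# request should then be refused.

# --- 3. Checking DNSSEC data for an existing signed zone -------------------
dig +short +dnssec NS co.uk
dig +short +dnssec DS co.uk

# --- 4. Enabling validation on the resolver --------------------------------
# named.conf options as given on the page:
#   dnssec-enable yes;
#   dnssec-validation yes;
#   dnssec-lookaside auto;
# "dnssec-validation yes" validates only against trust anchors configured by
# hand; "auto" uses the root anchor shipped with BIND. The DLV registry
# behind dnssec-lookaside has been retired, and later BIND releases treat
# dnssec-lookaside and dnssec-enable as obsolete. Check the options against
# the installed version.

# --- 5. Signing example.com -------------------------------------------------
cd /var/cache/bind || exit 1

# ZSK, then KSK (-f KSK). The page used NSEC3RSASHA1, which signs with
# SHA-1 and is no longer recommended for signing (RFC 8624); RSASHA256 is
# also NSEC3-capable, so the -3 signing step below still works.
dnssec-keygen -a RSASHA256 -b 2048 -n ZONE example.com
dnssec-keygen -f KSK -a RSASHA256 -b 2048 -n ZONE example.com
# The K*.private files are the zone's signing keys: restrict their
# permissions and keep backups offline.

# Append an $INCLUDE line for every public key. The glob replaces $(ls ...)
# so odd file names cannot be word-split; the page's loop also lacked `do`
# and used typographic quotes, which the shell does not treat as quotes.
for k in K*.key; do
  [ -e "$k" ] || continue # glob matched nothing
  printf '$INCLUDE %s\n' "$k" >> db.example
done

# -3 5674      NSEC3 with hex salt 5674 (current guidance, RFC 9276, is an
#              empty salt: `-3 -`)
# -A           NSEC3 opt-out: insecure delegations get no NSEC3 coverage;
#              intended for large delegation-heavy zones, so consider
#              dropping it for an ordinary zone
# -N INCREMENT bump the SOA serial so slaves pick up the signed zone
# -o / -t      zone origin / print statistics
dnssec-signzone -3 5674 -A -N INCREMENT -o example.com -t db.example

# named.conf zone clause: serve the signed file instead of the unsigned one.
#   file "db.example.signed";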