Snippet from https://www.knot-dns.cz/download/ and https://www.knot-dns.cz/docs/2.x/html/

Change to root

# The steps below (apt, service control, writing under /var/lib/knot) need root, so switch once here.
sudo su -

Installation:

# Register the cz.nic-labs PPA; add-apt-repository also imports its signing key, so apt
# verifies the knot packages against it before installing.
add-apt-repository ppa:cz.nic-labs/knot-dns
apt-get update
apt-get install knot

Stop BIND and start Knot ;)

# Both daemons listen on port 53 (see the listen lines in knot.conf below),
# so BIND has to be stopped before Knot can bind the port.
service bind9 stop
service knot start

Configuration of DNSSEC policy for our zone

# Create the KASP database directory; knot.conf's kasp-db below points at this same path.
# It will hold the private signing keys, so keep it readable only by the user Knot runs as.
mkdir -p /var/lib/knot/kasp
cd /var/lib/knot/kasp
keymgr init
# Policy "rsa": RSASHA256 with a 1024-bit ZSK and a 2048-bit KSK.
# NOTE(review): a 1024-bit RSA ZSK is below current guidance (RSA of at least 2048 bits,
# or an ECDSA algorithm such as ECDSAP256SHA256, which Knot 2.x also supports).
keymgr policy add rsa algorithm RSASHA256 zsk-size 1024 ksk-size 2048
# Attach zone "sd" to that policy; signing itself is switched on per zone in knot.conf
# (dnssec-signing: on).
keymgr zone add sd policy rsa

Edit /etc/knot/knot.conf (replace the PUT_..._HERE secrets and the your.partner.ip.address placeholders with your own values):

# Answer queries on every IPv4 and IPv6 address, port 53.
server:
    listen: 0.0.0.0@53
    listen: ::@53

# Everything at info level and above goes to syslog.
log:
  - target: syslog
    any: info

# Defaults inherited by every zone: zone files under storage, DNSSEC state in kasp-db
# (the directory initialised with "keymgr init" above).
template:
  - id: default
    storage: "/home/sysadm/zones/"
    kasp-db: /var/lib/knot/kasp

# TSIG keys. The secrets are stored inline, so this file must not be world-readable.
# NOTE(review): hmac-md5 is obsolete for TSIG; Knot also supports hmac-sha256, which
# should be preferred for new deployments (both peers must use the same algorithm and secret).
key:
  - id: sd_tsig_key
    algorithm: hmac-md5
    secret: PUT_MY_KEY_HERE

  - id: bw_tsig_key
    algorithm: hmac-md5
    secret: PUT_PARTNER_KEY_HERE

acl:
  # allow transfer from your partner slave
  # Transfer requests must come from this address and be signed with sd_tsig_key
  # (presumably both conditions apply when both are given — verify against the Knot docs).
  - id: acl_transfer
    address: your.partner.ip.address
    key: sd_tsig_key
    action: transfer

remote:
  # define ip address of your partner master
  # Outgoing requests for zone "bw" (refresh checks, transfers) go here, signed with bw_tsig_key.
  - id: my_master
    address: your.partner.ip.address@53
    key: bw_tsig_key
 
zone:
  # master domain
  # Authoritative for "sd": loaded from <storage>/db.sd, outbound transfers gated by
  # acl_transfer, signed automatically under policy "rsa" (keymgr zone add sd policy rsa).
  - domain: sd
    file: "db.sd"
    acl: acl_transfer
    dnssec-signing: on

  # slave zone
  # "bw" is fetched from my_master. No acl is attached, so transfer requests for it
  # should be refused by default — confirm if this server is meant to re-serve it.
  - domain: bw
    master: my_master

Reload

# Apply the edited knot.conf without restarting the daemon.
service knot reload