lost and found ( for me ? )

How to install dnssec-tools from source code on CentOS 5.6 64-bit.

The source RPM of dnssec-tools is a bit old, so I installed the latest dnssec-tools from source code.

[ procedure ]

download source code
install perl modules that are needed for dnssec-tools
compile and install dnssec-tools

[ logs ]

download dnssec-tools-1.9.tar.gz

install perl modules via CPAN that are needed for dnssec-tools ( mandatory )
# perl -MCPAN -e shell
cpan> install Net::DNS Net::DNS::SEC

install perl modules ( optional )
cpan> install Text::Wrap Date::Parse ExtUtils::MakeMaker MailTools Test::Builder String::Diff GraphViz Gtk2 QWizard Getopt::GUI::Long Tk Text::Diff

download and install graphviz ( optional )
# wget http://pkgs.repoforge.org/graphviz/graphviz-2.22.0-4.el5.rf.x86_64.rpm
# rpm -ivh graphviz-2.22.0-4.el5.rf.x86_64.rpm

compile dnssec-tools
# tar xzvf dnssec-tools-1.9.tar.gz
# cd dnssec-tools-1.9
# ./configure --with-ipv6 --with-nsec3

---------------------------------------------------------
      DNSSEC-Tool Validator configuration summary:
---------------------------------------------------------
 system configuration directory : /usr/local/etc
 Validator configuration file: /usr/local/etc/dnssec-tools/dnsval.conf
 NSEC3 support                  : Yes
 DLV support                    : Yes
 IPv6 support                   : Yes
 Thread support                 : Yes
 Developer flags                :
 libval resolver configuration  : /usr/local/etc/dnssec-tools/resolv.conf
 libval root hints              : /usr/local/etc/dnssec-tools/root.hints
---------------------------------------------------------

# make
# make install

The configuration file is stored in the /usr/local/etc/dnssec-tools directory.
# head -20 /usr/local/etc/dnssec-tools/dnssec-tools.conf
#
# DNSSEC-Tools Configuration
#

#
# Settings for DNSSEC-Tools administration.
#
admin-email     dnssec-tools@example.com


#
# Paths to needed programs.  These may need adjusting for individual hosts.
#
keyarch         /usr/bin/keyarch
keygen          /usr/local/sbin/dnssec-keygen
rndc            /usr/local/sbin/rndc
zonecheck       /usr/local/sbin/named-checkzone
zonesign        /usr/local/sbin/dnssec-signzone
rollchk         /usr/bin/rollchk
zonesigner      /usr/bin/zonesigner
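
The program paths in the listing above mix /usr/bin and /usr/local/sbin, and the file's own comment says they may need adjusting per host. The following is an added example, not part of the original post or of DNSSEC-Tools itself: a shell function (the name check_tool_paths is hypothetical) that reads dnssec-tools.conf and reports any of the seven program entries shown above that is absent or does not point at an executable.

```shell
#!/bin/sh
# Added example: check the "Paths to needed programs" entries of
# dnssec-tools.conf. The key names are the ones in the listing above;
# the function name and output format are choices made for this example.

TOOL_KEYS="keyarch keygen rndc zonecheck zonesign rollchk zonesigner"

# check_tool_paths CONF
# Prints one line per problem:
#   "missing <key>"                 the key is not set in the file
#   "not-executable <key> <path>"   the path is not a runnable file
# Returns 0 when every key resolves to an executable, 1 when at least one
# does not, 2 when the configuration file cannot be read.
check_tool_paths() {
    conf_file=$1
    result=0
    if [ ! -r "$conf_file" ]; then
        echo "unreadable $conf_file"
        return 2
    fi
    for key in $TOOL_KEYS; do
        # Entries are "<key><whitespace><value>". Comment lines start with
        # '#', so their first field never equals a key name.
        tool_path=$(awk -v k="$key" '$1 == k { print $2; exit }' "$conf_file")
        if [ -z "$tool_path" ]; then
            echo "missing $key"
            result=1
        elif [ ! -x "$tool_path" ] || [ -d "$tool_path" ]; then
            echo "not-executable $key $tool_path"
            result=1
        fi
    done
    return $result
}

# When a file name is given on the command line, check that file, e.g.
#   sh check_paths.sh /usr/local/etc/dnssec-tools/dnssec-tools.conf
if [ "$#" -gt 0 ]; then
    check_tool_paths "$1"
fi
```

Running it before the first zonesigner call shows which entries still need adjusting for the host.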


# zonesigner --algorithm RSASHA256 -genkeys -zone example.jp example.jp.db

       if zonesigner appears hung, strike keys until the program completes
       (see the "Entropy" section in the man page for details)

Generating key pair............++++++ .........++++++
Generating key pair..++++++ ..++++++
Generating key pair......+++ ..............................................+++
Verifying the zone using the following algorithms: RSASHA256.
Zone signing complete:
Algorithm: RSASHA256: KSKs: 1 active, 0 stand-by, 1 revoked
                     ZSKs: 1 active, 1 stand-by, 0 revoked

zone signed successfully

example.jp:
       KSK (cur) 26845  -b 2048  06/21/11      (signing-set-3000000000000000000000000)
       KSK (rev) 57805  -b 2048  06/21/11      (signing-set-3000000000000000000000)
       ZSK (cur) 28494  -b 1024  06/21/11      (signing-set-3000000000000000)
       ZSK (pub) 48498  -b 1024  06/21/11      (signing-set-3000000000000000000)

zone will expire in 4 weeks, 2 days, 0 seconds
