@node Migration from other DNS servers, , Knot DNS Configuration Reference, Top
@appendix Migration from other DNS servers
@menu
* Knot DNS for BIND users::
@c * Knot DNS for NSD users::
@c * Knot DNS for PowerDNS users::
@c * Knot DNS for djbdns users::
@end menu
@node Knot DNS for BIND users
@appendixsec Knot DNS for BIND users
@subsection Automatic DNSSEC signing
Migrating automatically signed zones from BIND to Knot DNS is very easy because
Knot DNS can use DNSSEC keys generated by BIND.
@enumerate
@item
To obtain the current content of the zone being migrated, request BIND
to flush the zone into the zone file: @code{rndc flush example.com}

Note: If dynamic updates (DDNS) are enabled for the given zone, you might need to
freeze the zone before flushing it. That can be done similarly:
@code{rndc freeze example.com}
@item
Copy the fresh zone file into the zones storage directory of Knot DNS. Its
default location is @code{/var/lib/knot}.
@item
We recommend storing the DNSSEC keys for each zone in a separate directory. For
this purpose, create a directory @code{example.com.keys} in the zones storage
directory. Then copy all DNSSEC keys (@code{*.key} and @code{*.private}) from
the BIND key directory (configured as @code{key-directory}) into the newly
created one.
@item
Add the zone to the Knot DNS configuration file. The zone configuration should
at least specify the zone file (option @code{file}) and the key
directory (option @code{dnssec-keydir}), and enable automatic DNSSEC signing
(option @code{dnssec-enable}).

You can follow this example:

@example
zones @{
  storage "/var/lib/knot";
  example.com @{
    dnssec-enable on;
    dnssec-keydir "example.com.keys";
    file "example.com.db";
  @}
@}
@end example
@item
Start Knot DNS and check the log files to make sure that everything went right.
@end enumerate
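
The key-copy step above as a shell function. This is an added example, not part of the Knot DNS documentation: the name copy_zone_keys is hypothetical, and the permission modes are an assumption (the text above does not specify any), chosen so that private keys are readable only by the account that runs the copy.

```shell
#!/bin/sh
# copy_zone_keys SRC DST   (hypothetical helper, not a Knot DNS tool)
# Copies DNSSEC key pairs (*.key with a matching *.private) from SRC, the
# BIND key-directory, into DST, e.g. /var/lib/knot/example.com.keys.
# Prints the number of complete pairs copied. Returns non-zero when a
# public key has no private counterpart or when no pair was found, so a
# half-migrated key set is noticed before the zone is signed.
copy_zone_keys() {
    src=$1
    dst=$2
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 2; }

    # Assumption: the key directory is kept private to its owner.
    mkdir -p "$dst" && chmod 700 "$dst" || return 2

    pairs=0
    missing=0
    for pub in "$src"/*.key; do
        [ -e "$pub" ] || continue            # glob matched nothing
        priv="${pub%.key}.private"
        if [ ! -f "$priv" ]; then
            echo "missing private key for $(basename "$pub")" >&2
            missing=$((missing + 1))
            continue
        fi
        cp "$pub" "$priv" "$dst"/ || return 2
        chmod 644 "$dst/$(basename "$pub")"   # public half
        chmod 600 "$dst/$(basename "$priv")"  # private half: owner only
        pairs=$((pairs + 1))
    done

    echo "$pairs"
    [ "$pairs" -gt 0 ] && [ "$missing" -eq 0 ]
}
```

Run it as the account that Knot DNS uses to read its storage directory, or adjust ownership of the destination afterwards, before starting the server.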
@ignore
@node Knot DNS for NSD users
@appendixsec Knot DNS for NSD users
[TODO]
@node Knot DNS for PowerDNS users
@appendixsec Knot DNS for PowerDNS users
[TODO]
@node Knot DNS for djbdns users
@appendixsec Knot DNS for djbdns users
[TODO]
@end ignore