# # README dnssec zone key tool # # (c) March 2005 - Aug 2014 by Holger Zuleger hznet # (c) domaincmp() Aug 2005 by Karle Boss & H. Zuleger (kaho) # (c) zconf.c by Jeroen Masar & Holger Zuleger # For more information about the DNSSEC Zone Key Tool please have a look at "http://www.hznet.de/dns/zkt/" You can also subscribe to the zkt-users@sourceforge.net mailing list on the following website: https://lists.sourceforge.net/lists/listinfo/zkt-users The ZKT software is licenced under BSD (see LICENCE file) To build the software: a) Get the current version of zkt $ wget http://www.hznet.de/dns/zkt/zkt-1.1.tar.gz b) Unpack $ tar xzvf zkt-1.1.tar.gz c) Change to source directory $ cd zkt-1.1 d) Run configure script $ ./configure e) Compile $ make f) Install # make install # make install-man Prepare your setup: a) (optional) Install or rebuild the default dnssec.conf file $ zkt-conf -d -w # Install new file or $ zkt-conf -s -w # rebuild existing file b) (optional) Change default parameters $ zkt-conf -s -O "Zonedir: /var/named/zones" -w or use your prefered editor $ vi /var/named/dnssec.conf (optional) You'll probably want to have zkt-ls work recursively $ zkt-conf -s -O "Recursive: True" -w c) Prepare one of your zone for zkt $ cd /var/named/zones/net/example.net # change dir to zone directory $ cp <zonefile> zone.db # copy and rename existing zone file to "zone.db" $ zkt-conf -w zone.db # create local dnssec.conf file and include dnskey.db into zone file d) Prepare for initial signing $ cd /var/named/zones/net/example.net $ touch zone.db.signed $ zkt-signer -v -v -o example.net # -o is ORIGIN (i.e. zone name) e) Publish your zone @ add `zone.db.signed' as zone file to your name server @ publish DS contained in `dsset-example.net.' at your zone's parent