MAGPRO DNS

Русский

You can enable DNSSEC with GOST cryptoalgorithms support (RFC5933). For this, you need to install and configure OpenSSL 1.0.0 and a DNS-server supporting GOST algorithms (either BIND of ISC or Unbound + LDNS + NSD of NLnet Labs).

If you are going to use Unbound + NSD + LDNS you should:

1. Install LDNS, Unbound and NSD by following instructions on the page:
   Installing and using Unbound+LDNS+NSD with DNSSEC and GOST support
   
2. Sign zone files by following instructions on the page:
   Signing zone with «ldns-signzone»
   
3. Test DNSSEC with drill utility. Hints about testing you will find on the page:
   Checking DNSSEC with «drill» utility
   

If you are going to use BIND DNS-server you should:

1. Install patched BIND with GOST cryptoalgorithms support by following instructions on the page:
   Installing and using BIND with DNSSEC and GOST support.
   
2. Sign zone files by following instructions on the page:
   Signing zone with «dnssec-signzone».
   
3. Test DNSSEC with dig utility. Hints about testing you will find on the page:
   Checking DNSSEC with «dig» utility.
   

You will find FAQ on the page:
DNSSEC FAQ