.. meta::
   :description: reStructuredText plaintext markup language

.. _Migration from other DNS servers:

********************************
Migration from other DNS servers
********************************

.. _Knot DNS for BIND users:

Knot DNS for BIND users
=======================

.. _Automatic DNSSEC signing:

Automatic DNSSEC signing
------------------------

Migrating automatically signed zones from BIND to Knot DNS is
straightforward because Knot DNS is able to use DNSSEC keys
generated by BIND.

1. To obtain the current content of the zone being migrated,
   request BIND to flush the zone into the zone file: ``rndc flush
   example.com``.

   Note: If dynamic updates (DDNS) are enabled for the given zone, you
   might need to freeze the zone before flushing it. That can be done
   similarly: ``rndc freeze example.com``

2. Copy the fresh zone file into the zones storage directory of Knot
   DNS. Its default location is ``/var/lib/knot``.

3. We recommend storing the DNSSEC keys for each zone in a separate
   directory. For this purpose, create a directory
   ``example.com.keys`` in the zones storage directory. Then copy all
   DNSSEC keys (``*.key`` and ``*.private``) from the BIND key directory
   (configured as ``key-directory``) into the newly created one.

4. Add the zone to the Knot DNS configuration file. The zone
   configuration should contain at least the zone file
   (option ``file``) and the key directory (option ``dnssec-keydir``),
   and should enable automatic DNSSEC signing (option ``dnssec-enable``).

   You can follow this example::

      zone:
        - domain: "example.com."
          file: "example.com.db"
          storage: "/var/lib/knot"
          dnssec-enable: on
          dnssec-keydir: "example.com.keys"

5. Start Knot DNS and check the log files to make sure that everything went right.
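
The key copy from step 3, as an added shell example (not part of the Knot DNS documentation). It refuses to copy when a ``*.key`` file has no matching ``*.private`` file and keeps the copied keys readable by the owner only. The function name ``migrate_keys`` is hypothetical, and the example assumes BIND's ``K<zone>.+<alg>+<tag>`` key file naming; changing ownership to the account Knot DNS runs as is left to the operator.

```shell
#!/bin/sh
# Added example: copy a zone's BIND DNSSEC key pairs into "<storage>/<zone>.keys".
# Usage: migrate_keys <bind-key-directory> <knot-storage> <zone>
# Prints the number of key pairs copied; fails without copying anything
# if no keys are found or a private half is missing.
migrate_keys() (
    src=$1 storage=$2 zone=$3
    dst="$storage/$zone.keys"
    count=0

    # Pass 1: every public key must have its private half (assumed BIND naming).
    for pub in "$src"/K"$zone".+*.key; do
        [ -e "$pub" ] || { echo "no keys for $zone in $src" >&2; exit 1; }
        priv="${pub%.key}.private"
        [ -f "$priv" ] || { echo "missing private key: $priv" >&2; exit 1; }
    done

    # New files and directories are created owner-only from the start,
    # so the private keys are never briefly world-readable.
    umask 077
    mkdir -p "$dst" || exit 1
    chmod 700 "$dst" || exit 1

    # Pass 2: copy each pair and pin the private key mode explicitly.
    for pub in "$src"/K"$zone".+*.key; do
        priv="${pub%.key}.private"
        cp "$pub" "$priv" "$dst"/ || exit 1
        chmod 600 "$dst/$(basename "$priv")" || exit 1
        count=$((count + 1))
    done
    echo "$count"
)

# Run directly only when called with the three arguments.
if [ "$#" -eq 3 ]; then
    migrate_keys "$@"
fi
```

The directory passed as the second argument is the zones storage directory (``/var/lib/knot`` by default), so the result matches the ``dnssec-keydir`` value used in step 4.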