projects
/
mirror
/
dsa-wiki.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
1a3ba3d
)
adjust to reality
author
Martin Zobel-Helas
<zobel@debian.org>
Tue, 16 Feb 2010 21:49:12 +0000
(22:49 +0100)
committer
Martin Zobel-Helas
<zobel@debian.org>
Tue, 16 Feb 2010 21:49:12 +0000
(22:49 +0100)
input/howto/dns.mdwn
patch
|
blob
|
history
diff --git
a/input/howto/dns.mdwn
b/input/howto/dns.mdwn
index
f2e071f
..
0591ccf
100644
(file)
--- a/
input/howto/dns.mdwn
+++ b/
input/howto/dns.mdwn
@@
-1,9
+1,9
@@
# debian.org DNS
# debian.org DNS
-For most zones the hidden primary is
samosa, with rietz, raff and
klecker
-being the public facing secondaries.
+For most zones the hidden primary is
draghi, with ravel, senfl,
klecker
+
and orff
being the public facing secondaries.
-Domain information lives in a git on
samosa
, and pushing to it will cause
+Domain information lives in a git on
draghi
, and pushing to it will cause
the zone to be compiled and reloaded automatically. Repository lives at
ssh://db.debian.org/git/domains.git - public read only mirror available
using http.
the zone to be compiled and reloaded automatically. Repository lives at
ssh://db.debian.org/git/domains.git - public read only mirror available
using http.
@@
-13,3
+13,12
@@
served by the geodns setup on geo1, 2, and 3. They have a seperate repo
ssh://db.debian.org/git/geodomains.git and an entirely seperate workflow.
At least it's consistent.
ssh://db.debian.org/git/geodomains.git and an entirely seperate workflow.
At least it's consistent.
+
+Adding DNSSEC KSK and ZSK for zones is done by running
+/srv/dns.debian.org/bin/maintkeydb with the following options:
+
+./bin/maintkeydb create both NSEC3RSASHA1 default your.ip6.arpa
+
+Use RSASHA1 instead of NSEC3RSASHA1 for IPv4 address space.
+
+After that a "; wzf: dnssec = 1" needs to be added to the zone file.