Manualshelf

DNS Configuration and Management Manual (G06.27+, H06.05+, J06.03+)

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series
31323334353637383940
BIND 9.x on the NonStop Server
HP DNS Configuration and Management Manual529432-003
2-14
IPv6 Address Support
dnssec-keygen prints the basename of the files to which it writes the generated keys
on the terminal. The public key is written to the file basename.key. The private key is
written to the file basename.private.
dnssec-signzone—DNSSEC zone signing tool
dnssec-signzone signs a zone file. It generates NSEC and RRSIG records and
produces a signed version of the zone file. If the zone’s parent produces a signed-key
file (output of dnssec-signkey), the parent's signatures are incorporated into the
generated signed zone file. The security status of delegations from the signed zone
(that is, whether the child zones are secure) is determined by the presence or absence
of a signed key file for each child zone.
The -o option specifies the origin in the zone data file. The last argument is the zone
file name which is db.myzone.com.in in this case. The output would be a signed
zone file named db.myzone.com.in.signed.
For more information about the syntax and use of DNSSEC tools, refer to the OSS
man pages. (See Table 2-1, OSS Commands to Access man Pages, on page 2-3 for
guidance in accessing the man pages.)
IPv6 Address Support
Current support for the storage of Internet addresses in the Domain Name System is
not easily extended to support IPv6 addresses since most applications still assume
that address queries return 32-bit IPv4 addresses only. To support the storage of IPv6
addresses, several new resource record types are defined.
A new domain is defined to support lookups based on address. Existing queries that
perform additional section processing to locate IPv4 addresses are redefined to
perform additional section processing on both IPv4 and IPv6 addresses. The changes
are designed to be compatible with existing software. The existing support for IPv4
addresses is retained.
Configuring named to support IPv6
By default, a BIND 9.x name server does not listen for IPv6 based queries. To
configure it to listen on the local host's IPv6 network interfaces, use the listen-on-
v6 option in the configuration file.
Example 2-13. dnssec-signzone
$> dnssec-signzone -o example.com. db.myzone.com.in