Information below is not for the current semester.
The current semester can be found here.
Introduction
Today, we’ll be enabling DNSSEC.
Homework
- Please read the DNSSEC lecture notes.
- There are many good tutorials about NSD and DNSSEC, such as this one from
DigitalOcean.
- Step 1 (NSD setup) should already be done.
- For Step 4, since I’m playing the role of the registrar, please submit your
DS records as
hw/11/00-ds-records. - For Step 5, you obviously won’t be able to use the mentioned tools to verify your DNS setup—use drill. Do not skip this step.
- Since the RRSIGs expire over time, it’s necessary to re-sign the zone from
time to time. Write a shell script which re-signs the zone (submit as
hw/11/01-sign-zones.sh). Don’t forget to increment the serial. Create a systemd Service (submit ashw/11/02-sign-zones.service) and Timer (submit ashw/11/03-sign-zones.timer) units which execute the script regularly. Don’t forget to reload NSD afterwards!
- (100+0 points)
hw/11/04-feedback
- If you have any valuable feedback, please do provide it here.
- Points are only awarded for feedback which is actionable and can be used to improve the quality of the course.
- Any constructive criticism is appreciated (and won’t be weaponized).
(Total = 100+0 points)
Don’t forget to git push all your changes! Also, make sure that VM still
works by the deadline—otherwise we have no way of grading your work.