Dnssec: Retrieve Bind Server's Public Key

mpapet · 03-01-2018, 06:46 PM

I've got a FreeIPA version 4.5, Centos 7.x server running their bind+ldap server. I'm a complete dnssec newbie.

My eventual goal is to export the Bind server's public key so I can add it as trust anchors to Microsoft DNS server.

However, I cannot make heads or tails out of how I get the public key out. I assume the key is in the LDAP server as binary data under MYdomain>dns>sec>keys>$longUniqueID>ipaPublicKey. That's all I know.

bathory · 03-02-2018, 05:46 AM

Quote:

My eventual goal is to export the Bind server's public key so I can add it as trust anchors to Microsoft DNS server.

I know nothing about FreeIPA, but from the documentation looks like it behaves like a normal nameserver
Either follow the documentation there (esp. this), or just use:

Code:

dig DNSKEY domain.com +short