https://miek.nl/tags/signing/ Recent content in Signing on Miek Gieben Hugo en-us © Copyright 2007-2024 Miek Gieben Sat, 03 Aug 2019 08:10:10 +0000 https://miek.nl/2019/august/03/a-working-sign-plugin-in-coredns/ Sat, 03 Aug 2019 08:10:10 +0000 https://miek.nl/2019/august/03/a-working-sign-plugin-in-coredns/ <p>This <em>sign</em> plugin is working! I&rsquo;m running it live for miek.nl on my servers to test it out. (See <a href="https://github.com/coredns/coredns/tree/dnssec-file/plugin/sign">this branch</a> or <a href="https://github.com/coredns/coredns/tree/master/plugin/sign">this one</a> after it is merged into master.)</p> <p>To use the <em>sign</em> plugin, I only need a few extra lines in my Corefile:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-txt" data-lang="txt"><span style="display:flex;"><span>miek.nl { </span></span><span style="display:flex;"><span> file /var/lib/coredns/db.miek.nl.signed </span></span><span style="display:flex;"><span> sign /etc/coredns/zones/miek.nl { </span></span><span style="display:flex;"><span> key file /etc/coredns/zones/keys/Kmiek.nl.+008+33694 </span></span><span style="display:flex;"><span> directory /var/lib/coredns </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span>} </span></span></code></pre></div><p>This resigns the miek.nl zone ever so often. Logging will tell you what&rsquo;s happening with your zonefile. In this case this it skips signing:</p>