1-make-anchor.sh


1
2
3
4
5
6
7
8
9
10
11
12

#!/bin/bash

cd work

# Generate a key that will be used to sign the keys
# In out scenatio this will be used as a trusted root
dnssec-keygen -f KSK -a ECDSA384 -b 4096 -n ZONE .
cp *.key ../anchor.key
dnssec-dsfromkey *.key > ../anchor.ds

# Generate a key that will be used to sign records
dnssec-keygen -a ECDSA384 -b 4096 -n ZONE .