DNS Services

Contents:

Previous topic

5.1. Trust Anchors

Next topic

5.3. Modify DNS Profile

Community Training Classes & Labs > DNS Services Index

5.2. DLV Anchors

To cache a validated response for the signed zones, you need to obtain a trust and DLV anchor.

Using Putty, ssh into router01.branch01 and run the following command:

TMSH

dig dnskey dlv.isc.org. | grep 257 > /root/DLVdnskey.txt

dnssec-dsfromkey -f /root/DLVdnskey.txt dlv.isc.org.

../../_images/dlv-cli.png

Navigate to: DNS ›› Caches : Cache List ›› validating-resolver_cache : DLV Anchors

https://router01.branch01.example.com/tmui/Control/jspmap/tmui/dns/cache/trust_anchor/list.jsp?name=%2FCommon%2Fvalidating-resolver_cache&tab=dns_cache_validating_config

../../_images/dlv-add.png

For each line of output from the preceding command create a “DLV Anchor”

../../_images/dlv-add-1.png ../../_images/dlv-final.png 
1
tmsh modify ltm dns cache validating-resolver validating-resolver_cache dlv-anchors replace-all-with { "dlv.isc.org. IN DS 19297 5 1 7D480DBEF530374D8A4333FCB22106EB10013B46" "dlv.isc.org. IN DS 19297 5 2 A11D16F6733983E159EDF8053B2FB57B479D81A309A50EAA79A81AF48A47C617" }
Previous Next