Re: DNSSEC deployment in an isolated virtual environment

2024-03-16 Thread Greg Choules via bind-users
Hi Amaury.
You should be able to do this by defining your own trust anchors. This
should explain what you need:
https://bind9.readthedocs.io/en/latest/dnssec-guide.html#trusted-keys-and-managed-keys

Have fun.
Greg

On Sat, 16 Mar 2024 at 13:38, Amaury Van Pevenaeyge <
avanpevenae...@outlook.fr> wrote:

> Hello, I'm a student in my last year of the Master in Cybersecurity at ULB.
> As part of my thesis, I'm doing research to develop a DNS Amplification
> scenario that will eventually be deployed within a Cyber Range. I have to
> carry out various measurements and develop different attacks in a virtual
> environment. I've already been able to set up my entire environment in
> VirtualBox for DNS (i.e. without DNSSEC). Now I need to deploy DNSSEC on my
> server. I've managed to generate my key pairs and sign my DNS zones.
> However, when I try to do a dig from my client VM, I get a SERVFAIL. I
> think this is because the chain of trust can't be established, which in my
> case is perfectly normal as I'm in an isolated test environment. So how can
> I deploy DNSSEC correctly so that the chain of trust is not taken into
> account and it works in my virtual environment? I think I know how DNSSEC
> works, but if you also have any clarification to offer, I'd be delighted to
> hear from you. My BIND server runs on an Ubuntu 22.04 Jammy Jellyfish VM.
>
> Thanks in advance for your help.
> --
> Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
> from this list
>
> ISC funds the development of this software with paid support
> subscriptions. Contact us at https://www.isc.org/contact/ for more
> information.
>
>
> bind-users mailing list
> bind-users@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
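
Added example, not part of the thread or of the BIND documentation: one way to produce the trust anchor the reply refers to, by turning the zone's key-signing key (as found in the `.key` file written by `dnssec-keygen`) into a `trust-anchors` stanza for the lab resolver's `named.conf`. The zone name `lab.example`, the key material and the function names `make_trust_anchors` and `sample_keys` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: turn DNSKEY records (e.g. the K<zone>.+<alg>+<id>.key files
# written by dnssec-keygen) into a named.conf trust-anchors stanza for a lab
# resolver. Only key-signing keys (flags 257) are used as anchors.

# $1 = anchor type: static-key (default, fixed) or initial-key (RFC 5011 managed)
make_trust_anchors() {
    awk -v kind="${1:-static-key}" '
    /^[ \t]*;/ || NF == 0 { next }               # skip comments and blank lines
    {
        t = 0                                    # index of the DNSKEY type token;
        for (i = 2; i <= NF; i++)                # TTL and class may precede it
            if ($i == "DNSKEY") { t = i; break }
        if (!t || $(t + 1) != 257) next          # not a DNSKEY, or a ZSK (256)
        key = ""
        for (i = t + 4; i <= NF; i++) {          # base64 may be split on spaces
            if ($i ~ /^;/) break                 # trailing comment
            key = key $i
        }
        if (key == "") next
        out = out sprintf("    %s %s %s %s %s \"%s\";\n", $1, kind, $(t + 1), $(t + 2), $(t + 3), key)
        n++
    }
    END {
        if (!n) exit 1                           # no KSK found: emit nothing
        printf "trust-anchors {\n%s};\n", out
    }'
}

# Constructed sample input: the key material is a placeholder, not a real key.
sample_keys() {
    cat <<'EOF'
; This is a key-signing key, keyid 12345, for lab.example.
lab.example. 3600 IN DNSKEY 257 3 13 PLACEHOLDERksk AAAA BBBB== ; KSK
lab.example. 3600 IN DNSKEY 256 3 13 PLACEHOLDERzskCCCC==
EOF
}

# Paste the result into the resolver's named.conf and set, inside options { },
#   dnssec-validation yes;
# which validates using only manually configured trust anchors.
sample_keys | make_trust_anchors
```

On a real server, feed the function the KSK's `.key` file instead of `sample_keys`, then run `named-checkconf` before reloading the resolver.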

DNSSEC deployment in an isolated virtual environment

2024-03-16 Thread Amaury Van Pevenaeyge
Hello, I'm a student in my last year of the Master in Cybersecurity at ULB. As 
part of my thesis, I'm doing research to develop a DNS Amplification scenario 
that will eventually be deployed within a Cyber Range. I have to carry out 
various measurements and develop different attacks in a virtual environment. 
I've already been able to set up my entire environment in VirtualBox for DNS 
(i.e. without DNSSEC). Now I need to deploy DNSSEC on my server. I've managed 
to generate my key pairs and sign my DNS zones. However, when I try to do a dig 
from my client VM, I get a SERVFAIL. I think this is because the chain of trust 
can't be established, which in my case is perfectly normal as I'm in an 
isolated test environment. So how can I deploy DNSSEC correctly so that the 
chain of trust is not taken into account and it works in my virtual 
environment? I think I know how DNSSEC works, but if you also have any 
clarification to offer, I'd be delighted to hear from you. My BIND server runs 
on an Ubuntu 22.04 Jammy Jellyfish VM.

Thanks in advance for your help.