dnssec-trust-anchors.d - Linux
Overview
dnssec-trust-anchors.d is a directory within /etc that contains trust anchors for DNSSEC validation. It allows administrators to specify which trust anchors should be used by DNSSEC-validating resolvers on the system.
Syntax
/etc/dnssec-trust-anchors.d/<trust-anchor-file>
where <trust-anchor-file> is the name of a file containing a trust anchor.
Options/Flags
There are no options or flags.
Examples
A file named example.com.pem containing a trust anchor for the zone "example.com" can be added to /etc/dnssec-trust-anchors.d to make it available to DNSSEC-validating resolvers on the system.
# Add a trust anchor for example.com
echo "-----BEGIN TRUSTED CERTIFICATE-----
...
-----END TRUSTED CERTIFICATE-----" > /etc/dnssec-trust-anchors.d/example.com.pem
Common Issues
If a trust anchor file is not in the correct format, it will not be loaded by DNSSEC-validating resolvers. The file should be in PEM format and should contain a single trust anchor certificate.
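An added example, not part of the original page or of any project's tooling: a shell lint for the format requirement stated above (PEM, exactly one block per file), to run before a file is relied on. The function names check_anchor_file and lint_anchor_dir are hypothetical, and the check covers only the PEM framing, not the validity of the anchor itself.

```shell
#!/bin/sh
# Usage (after sourcing this file): lint_anchor_dir /etc/dnssec-trust-anchors.d

# check_anchor_file PATH
# Returns 0 only if PATH holds exactly one well-formed PEM block: one BEGIN
# line, one END line carrying the same label, a non-empty base64 body, and
# nothing but blank lines outside the block. Returns 2 if PATH is unreadable.
check_anchor_file() {
    [ -f "$1" ] && [ -r "$1" ] || return 2
    awk '
        /^-----BEGIN [A-Z0-9 ]+-----$/ {
            if (inside || blocks) bad = 1          # nested or second block
            label = substr($0, 12, length($0) - 16)
            inside = 1; body = 0; next
        }
        /^-----END [A-Z0-9 ]+-----$/ {
            endlabel = substr($0, 10, length($0) - 14)
            if (!inside || endlabel != label || !body) bad = 1
            inside = 0; blocks++; next
        }
        inside {
            if ($0 !~ /^[A-Za-z0-9+\/=]+$/) bad = 1  # non-base64 line in body
            body++; next
        }
        /[^ \t\r]/ { bad = 1 }                     # stray text outside the block
        END { exit (bad || inside || blocks != 1) ? 1 : 0 }
    ' "$1"
}

# lint_anchor_dir DIR
# Checks every regular file in DIR, names each one that fails on stderr,
# and returns 0 only if all of them pass.
lint_anchor_dir() {
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        check_anchor_file "$f" || { echo "rejected: $f" >&2; rc=1; }
    done
    return "$rc"
}
```

A file with CRLF line endings fails this check, because the BEGIN and END markers must match exactly.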
Integration
dnssec-trust-anchors.d can be used with other commands and tools to configure DNSSEC validation on a system. For example, it can be used with the systemd-resolve service to enable DNSSEC validation on a system-wide basis.
Related Commands
dnssec-set-trust-anchor
dnssec-remove-trust-anchor
dnssec-test