# Looking for a Bind 9.16 DNSSEC tutorial



## ohreally (Sep 13, 2021)

Hello everyone.

Could someone recommend a good tutorial on setting up DNSSEC with Bind 9.16?
ISC appears to change the entire process with every minor version update of 9.x, but can't seem to be bothered to decently document it.
And the tutorials I've found so far are outdated and/or incomplete.

I'd like to learn

how to set up a primary DNS server for _example.com_, with DNSSEC
how to set up a secondary DNS server for _example.com_, with DNSSEC
how to generate the data that I need to send to my registrar (DS + DNSKEY)
what to do if I need to add/delete/modify a record
I've read somewhere that all I need to do is add "_dnssec-policy default;_" to the zone, but if I do, my secondary won't pick up any changes, so there must be more to it.

So I'd really appreciate a step-by-step guide, if anyone knows one.

Thanks in advance.

Rob


----------



## DutchDaemon (Sep 13, 2021)

This should get you well on your way.


----------



## ohreally (Sep 13, 2021)

Thanks, I'll look at that.
But it is over 7 years old, so if anyone has anything more recent...
The way Bind develops currently, I'm kind of afraid to end up with a configuration that's obsolete as soon as I type _:wq_ ...


----------

