CPU boost (single core bis 1.4GHz)
Setzt BIOS version > v4.9.0.2 voraus
System: Settings: Tunables
hint.p4tcc.0.disabled="1"
hint.acpi_throttle.0.disabled="1"
hint.acpi_perf.0.disabled="1"
multi queue processing
System: Settings: Tunables
legal.intel_igb.license_ack="1"
hw.igb.rx_process_limit="-1"
hw.igb.tx_process_limit="-1"
named.conf
options {
.....
dnssec-validation auto;
dnssec-enable yes;
key-directory "/usr/local/etc/namedb/key";
};
Zonendefinition anpassen:
zone "example.ch" {
type master;
file "/usr/local/etc/namedb/master/example.ch";
allow-query { any; };
allow-transfer { slaves; };
notify yes;
update-policy local; auto-dnssec maintain; dnssec-secure-to-insecure yes; inline-signing yes;
};
Keys erstellen
mkdir /usr/local/etc/namedb/key
cd /usr/local/etc/namedb/key
dnssec-keygen -a RSASHA256 -b 2048 -a ECDSAP256SHA256 -3 example.ch
dnssec-keygen -a RSASHA256 -b 2048 -a ECDSAP256SHA256 -3 -fk example.ch
chown -R bind:bind /usr/local/etc/namedb/key
rndc loadkeys example.ch
rndc signing -nsec3param 1 0 10 `od -Anone -tx4 -N4 /dev/urandom` example.ch
Keys anzeigen
rndc signing -list example.ch # Show signing status
Done signing with key 65481/NSEC3RSASHA1
Done signing with key 58725/ECDSAP256SHA256
Zonen ändern
rndc freeze example.ch
edit /usr/local/etc/namedb/master/example.ch
rndc thaw example.ch