Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 5.3
Section
Column
width50%

Before you start to use OpenDNSSEC in your production environment you must first decide which hardware you going to run on.

When you have a good system to run on, then it is time to install the software that OpenDNSSEC depends on, and finally installing OpenDNSSEC.

Column
width50%
Panel
borderColor#dddddd
borderWidth2
borderStylesolid

On this Page

Table of Contents

Hardware set-up

Here are some short recommendations if you are planning to use OpenDNSSEC with many zones or a single large zone, and where the speed of signing is important.

  • OpenDNSSEC is multi-threaded when it concerns the handling of multiple zone. But it is not currently multi-threaded in the handling of a single zone. So a multi-core machine will not give any benefits if you plan to only run a single large zone.

    Tip

    For handling on a single large zone is is therefore more important to go with a CPU that is fast rather than a CPU with many cores.

  • The OpenDNSSEC signer engine makes backup files to recover your zone data with no loss. These backup files will use up approximately three times the size of the signed zone on the HDD. The zones are also stored in memory. To keep track of updates, OpenDNSSEC maintains a previous, current and a new version of the zone.

Platform support

OpenDNSSEC has been tested on the following platforms:

  • Debian Linux 5.0
  • Mac OS X 10.5
  • NetBSD
  • OpenBSD 4.4
  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 6
  • Solaris 10
  • Ubuntu Linux 10.04

Dependencies

OpenDNSSEC depends on a number of open-source packages, all of which must be installed on your system for OpenDNSSEC to build successfully.

The installation of depencencies guide shows which packages are required and how to download/install them.

Note

You also need a Hardware Security Module.

Choose from any vendor that uses the PKCS#11 interface. Or the software-only implementation of an HSM called SoftHSM created by the OpenDNSSEC project. Follow these instructions on how to install SoftHSM.

Pre-built Binaries

You can find information about packages for your operating system here: http://www.opendnssec.org/download/packages/

Obtaining the Source Code

The latest version of OpenDNSSEC can be found as a tarball on  http://www.opendnssec.org

The development (unstable) version of OpenDNSSEC is available from the Subversion repository and can be obtained using the following command:

Code Block
svn co http://svn.opendnssec.org/trunk/OpenDNSSEC OpenDNSSEC

Building & Installing

  1. If you downloaded the tarball then first untar it:

    Code Block
    tar -xzf opendnssec-<VERSION>.tar.gz
    cd OpenDNSSEC

    or if you are working from the repository:

    Code Block
    cd OpenDNSSEC
    sh autogen.sh
  2. Then it is time to configure the build scripts:

    Code Block
     ./configure
    

    You may also need some other options to configure.

    Code Block
      --disable-auditor       Disable auditor build (default enabled)
      --enable-eppclient      Enable eppclient build (default disabled) (experimental)
      --enable-timeshift      For debugging purposes
      --with-database-backend Select database backend (sqlite3|mysql) (default sqlite)
    

    Use the following command to find out which other options that are available:

    Code Block
     ./configure --help
    

    The configure script defaults to --prefix=/usr/local, --sysconfdir=/etc, and --localstatedir=/var

  3. Once configured, build OpenDNSSEC using:

    Code Block
     make
    

    ... and install using ...

    Code Block
     sudo make install
    
    Note

    If the build fails it might be because of a missing software dependency. Please read the error messages carefully.

Post-installation

Depending on operating system, there may be a few additional steps required after installation.

Linux Users Linux users need to rebuild the dynamic linker caches. To do this, issue the command:

Code Block
sudo ldconfig [library-path [library-path ...]]

If OpenDNSSEC or any of the pre-requisites were installed in non-standard directories, the list of library paths should be specified as arguments on the command line.