Setting up dnssec

From PrgmrWiki

cd /etc/bind/keys

/usr/sbin/dnssec-keygen -a RSASHA256 -b 1024 -n ZONE kvm.prgmr.com ; /usr/sbin/dnssec-keygen -a RSASHA256 -b 2048 -n ZONE -f KSK kvm.prgmr.com

Make sure the named.conf.masterzones looks like

zone "serv-o-mat.com" {
 	type master;
	file "/var/lib/bind/serv-o-mat.com.db.";
	allow-transfer {216.218.223.67; localhost; 38.99.2.227; 38.99.2.228;};
	allow-update { key root.xen.prgmr.com.; };
	auto-dnssec maintain;
};

rndc sign serv-o-mat.com

rndc thaw serv-o-mat.com

You might not need a rndc thaw, but you might.

This should set everything up and enable dynamic updates for the zone