dnssec
Syntax
dnssec {
disable;
dlv {
domain-name domain-name trusted-anchor trusted-anchor;
}
secure-domains domain-name;
trusted-keys {
(key dns-key | load-key-file url);
}
Hierarchy Level
[edit system services dns]
Description
Configure domain name service security extensions (DNSSEC) in the DNS server. DNSSEC is an extension of DNS that provides authentication and integrity verification of data by using public-key-based signatures.
Options
| disable | Disable DNSSEC.
|
| secure-domains [domain-name] | Configure one or more secure domains in the DNS server. The server accepts only signed responses for this domain. For unsigned responses, the server returns SERVFAIL error to the client. |
The remaining statements are explained separately. Search for a statement in CLI Explorer or click a linked statement in the Syntax section for details.
Required Privilege Level
system—To view this statement in the configuration.
system-control—To add this statement to the configuration.
Release Information
Statement introduced in Release 10.2 of Junos OS.