Management console

Inspect and push DS records for every level in the chain of trust. The root holds DS for the TLDs; each TLD holds DS for its delegations. The group DS-push form (for students) lives on each group's topology page.

root `.` checking…

authoritative server10.10.0.5

manages DS forlab., test.

Currently published DS

loading…

TLD `lab.` checking…

authoritative server10.10.0.10

manages DS forgrp1.lab … grp6.lab

Currently published DS

loading…

TLD `test.` checking…

authoritative server10.10.0.11

manages DS forexample.test

Currently published DS

loading…

One-command bootstrap (wire the whole chain automatically)

Wait for BIND to generate keys on each signed zone (root, lab., test., example.test.), then harvest every child's DNSKEY, compute its DS, push it to the parent, and install the root KSK as trust anchor in every resolver. Run this once after docker compose up -d.

./tools/bootstrap-dnssec.sh

Management console

root . checking…

TLD lab. checking…

TLD test. checking…

root `.` checking…

TLD `lab.` checking…

TLD `test.` checking…