{"id":42990,"date":"2011-05-11T11:01:01","date_gmt":"2011-05-11T09:01:01","guid":{"rendered":"https:\/\/blog.wedos.cz\/?p=42990"},"modified":"2020-09-04T11:09:20","modified_gmt":"2020-09-04T09:09:20","slug":"pripravy-nasazeni-technologie-dnssec","status":"publish","type":"post","link":"https:\/\/blog.wedos.com\/cs\/pripravy-nasazeni-technologie-dnssec","title":{"rendered":"P\u0159\u00edpravy nasazen\u00ed technologie DNSSEC"},"content":{"rendered":"\n

V sou\u010dasn\u00e9 dob\u011b na\u0161i program\u00e1to\u0159i intenzivn\u011b pracuj\u00ed na nasazen\u00ed technologie DNSSEC. Zku\u0161ebn\u00ed provoz p\u0159edpokl\u00e1d\u00e1me v \u010dervnu, ostr\u00fd provoz od \u010dervence.<\/p>\n\n\n\n\n\n\n\n

St\u00e1le v\u00edce na\u0161ich z\u00e1kazn\u00edk\u016f se dotazuje na dostupnost technologie DNSSEC. Nebude to ani tak t\u00edm, \u017ee by ji opravdu cht\u011bli, ale proto\u017ee okolo DNSSEC se rozjelo mnoho informa\u010dn\u00edch kampan\u00ed, a tak kdo nem\u00e1 DNSSEC, tak nen\u00ed „in“.<\/p>\n\n\n\n

V tomto \u010dl\u00e1nku uvedeme n\u00e1\u0161 pl\u00e1n nasazen\u00ed t\u00e9to technologie, v dal\u0161\u00edch \u010dl\u00e1nc\u00edch tak\u00e9 p\u0159ineseme v\u00edce informac\u00ed o samotn\u00e9 technologii (co to je, k \u010demu to je a jak to funguje).<\/p>\n\n\n\n

Prvn\u00edm krokem je podpora DNSSEC na na\u0161ich DNS serverech<\/strong>. Mus\u00edme tedy implementovat podepisov\u00e1n\u00ed z\u00f3nov\u00fdch soubor\u016f pomoc\u00ed DNSSEC kl\u00ed\u010d\u016f, zav\u00e9st evidenci t\u011bchto kl\u00ed\u010d\u016f a za\u0159\u00eddit jejich automatick\u00e9 obm\u011b\u0148ov\u00e1n\u00ed.<\/p>\n\n\n\n

Druh\u00fdm krokem je zp\u0159\u00edstupn\u011bn\u00ed DNSSEC u dom\u00e9n, u kter\u00fdch jsme registr\u00e1torem<\/strong>. Mus\u00edme tedy umo\u017enit, aby si z\u00e1kazn\u00edci mohli u sv\u00e9 dom\u00e9ny nastavit DNSSEC kl\u00ed\u010d. Za\u010dneme nejprve dom\u00e9nou .CZ<\/strong>, pak to budeme postupn\u011b roz\u0161i\u0159ovat o dal\u0161\u00ed koncovky dom\u00e9n z na\u0161\u00ed nab\u00eddky. Uvid\u00edme, jak rychle n\u00e1m to p\u016fjde.<\/p>\n\n\n\n

O\u010dek\u00e1v\u00e1me, \u017ee v\u0161e pot\u0159ebn\u00e9 ud\u011bl\u00e1me v pr\u016fb\u011bhu kv\u011btna. V \u010dervnu pak nab\u00eddneme zku\u0161ebn\u00ed provoz<\/strong> – opravdov\u00ed z\u00e1jemci si budou moci DNSSEC aktivovat, ale zat\u00edm za to neponeseme \u017e\u00e1dnou z\u00e1ruku a m\u016f\u017ee se st\u00e1t, \u017ee se budou v\u011bci je\u0161t\u011b m\u011bnit a upravovat podle toho jak nabereme zku\u0161enosti s provozem. Pokud p\u016fjde v\u0161e dob\u0159e, od \u010dervence bude DNSSEC spu\u0161t\u011bno ofici\u00e1ln\u011b pro v\u0161echny na\u0161e z\u00e1kazn\u00edky<\/strong>.<\/p>\n\n\n\n

DNSSEC u n\u00e1s<\/h2>\n\n\n\n

Tuto technologie bude mo\u017en\u00e9 aktivovat samoz\u0159ejm\u011b pouze u dom\u00e9n, u nich\u017e budeme registr\u00e1torem. Budou existovat 3 mo\u017enosti:<\/p>\n\n\n\n

  1. Dom\u00e9na DNSSEC nepou\u017e\u00edv\u00e1<\/strong><\/li>
  2. Dom\u00e9na DNSSEC pou\u017e\u00edv\u00e1 v kombinaci s na\u0161imi DNS servery<\/strong> – v tomto p\u0159\u00edpad\u011b bude z\u00f3na dom\u00e9ny podeps\u00e1na na\u0161\u00edm kl\u00ed\u010dem a u dom\u00e9ny bude v registru zaveden n\u00e1\u0161 ve\u0159ejn\u00fd DNSSEC kl\u00ed\u010d. Z\u00e1kazn\u00edk si nebude moci nastavit sv\u00e9 vlastn\u00ed kl\u00ed\u010de.<\/li>
  3. Dom\u00e9na DNSSEC pou\u017e\u00edv\u00e1 bez na\u0161ich DNS server\u016f<\/strong> – z\u00e1kazn\u00edk si bude moci u dom\u00e9ny nastavit libovoln\u00fd DNSSEC kl\u00ed\u010d, n\u00e1\u0161 pou\u017e\u00edt nem\u016f\u017ee. O podepisov\u00e1n\u00ed DNS z\u00f3ny se v\u0161ak mus\u00ed na sv\u00fdch DNS serverech postarat s\u00e1m.<\/li><\/ol>\n\n\n\n

    Rozhodli jsme se, \u017ee prozat\u00edm neaktivujeme DNSSEC automaticky v\u0161em dom\u00e9n\u00e1m<\/strong>, kter\u00e9 jsou registrovan\u00e9 u n\u00e1s, jako to d\u011blaj\u00ed jin\u00ed poskytovatel\u00e9. Z\u00e1jemce si tak bude muset DNSSEC aktivovat v z\u00e1kaznick\u00e9 administraci. Ale bude to jen na p\u00e1r kliknut\u00ed, nebude nutn\u00e9 prov\u00e1d\u011bt n\u011bjak\u00e9 slo\u017eit\u00e9 operace \u010di m\u00edt detailn\u00ed znalosti o t\u00e9to technologii.<\/p>\n","protected":false},"excerpt":{"rendered":"

    V sou\u010dasn\u00e9 dob\u011b na\u0161i program\u00e1to\u0159i intenzivn\u011b pracuj\u00ed na nasazen\u00ed technologie DNSSEC. Zku\u0161ebn\u00ed provoz p\u0159edpokl\u00e1d\u00e1me v \u010dervnu, ostr\u00fd provoz od \u010dervence.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[],"class_list":["post-42990","post","type-post","status-publish","format-standard","hentry","category-technologie"],"_links":{"self":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts\/42990","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/comments?post=42990"}],"version-history":[{"count":1,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts\/42990\/revisions"}],"predecessor-version":[{"id":42997,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/posts\/42990\/revisions\/42997"}],"wp:attachment":[{"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/media?parent=42990"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/categories?post=42990"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.wedos.com\/cs\/wp-json\/wp\/v2\/tags?post=42990"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}