Create DNSSEC keys

To enable dnssec for your dns entries, use the following commands.
Create first a Key Signing Key (KSK) and zone sign key (ZSK) by using the following commands:

dnssec-keygen -r /dev/random -f KSK -a RSASHA1 -b 2048 -n ZONE example.net
dnssec-keygen -r /dev/random -a RSASHA1 -b 1024 -n ZONE example.net

Now you are ready to sign your DNS zone with the following command:

dnssec-signzone -l dlv.isc.org -o example.net -k Kexample.net.+005+kskid example.net.db Kexample.net.+005+zskid.key

The DS record dsset-example.net. should be published in the .net zone, to get a trust of anchor. The dns-signzone command has to be repeated every 30days or everytime the dns zone is changed.
 

Interesting links

http://dnssec.tv/

http://www.dnssecmonitor.org/index.php

http://dnssec-debugger.verisignlabs.com

https://dlv.isc.org/about/using