Configuring DNSSEC
DRAFT - working on this and will be adding some images/visuals...
Note |
---|
title | Enabling DNSSEC for a zone via ProVision GUI |
---|
|
How to enable DNSSEC (per zone) via the ProVision GUI - Make sure DNSSEC is enabled on the DNS server(s) you will be pushing zones to (see below)
- Set external server for Authenticated Data verification (DNS Admin setting)
- Create/Edit a zone like usual
- Link the zone to a DNS server(s) as needed
- Enable DNSSEC for the zone (image)
- Push zone successfully
- You will now have a “DS Records” section on the zone page (image)
- Upload these values to your Zone Registrar (image - label fields)
- DS Record #, Key Tag, Algorithm, Digest Type, Digest
- Confirm values are saved at the Zone Registrar
- Check DNSSEC status of zone
- ProVision GUI (image)
- DNSSEC column
- Means that DNSSEC has been enabled for the zone
- DS column
- Red X means DS keys have been generated only
- Green AD means DS keys have been generated AND the Authenticated Data has been verified by the external server (DNS Admin setting)
- External sites
|
...