Versions Compared

Old Version 4

changes.mady.by.user The Force

Saved on

compared with

New Version 5

changes.mady.by.user Pete Sclafani

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Table of Contents

 

Note
titleDNSSEC ImplementationEnabling DNSSEC for a zone via ProVision GUI

How to enable DNSSEC (per zone) via the ProVision GUI

  • Make sure DNSSEC is enabled on the DNS server(s) you will be pushing zones to (see below)
  • Set external server for Authenticated Data verification (DNS Admin setting)
  • Create/Edit a zone like usual
  • Link the zone to a DNS server(s) as needed
  • Enable DNSSEC for the zone (image)
  • Push zone successfully
  • You will now have a “DS Records” section on the zone page (image)
  • Upload these values to your Zone Registrar (image - label fields)
    • DS Record #, Key Tag, Algorithm, Digest Type, Digest
  • Confirm values are saved at the Zone Registrar
  • Check DNSSEC status of zone
    • ProVision GUI (image)
      • DNSSEC column
        • Means that DNSSEC has been enabled for the zone
      • DS column
        • Red X means DS keys have been generated only
        • Green AD means DS keys have been generated AND the Authenticated Data has been verified by the external server (DNS Admin setting)
    • External sites

For BIND

...

server(s)

To enable DNSSEC on BIND9 you need to modify named.conf.options with following parameters in the options { } section:

Code Block
dnssec-enable yes:
dnssec-validation yes:
dnssec-lookaside auto;

These parameters may already be enabled in some Linux distributions by default, so please confirm before making changes.Coming soon

For DynECT

Coming soon

For Secure64 and PowerDNS

...