How to enable DNSSEC (per zone) via the ProVision GUI

• Set external server for Authenticated Data verification (DNS Admin setting)
• Create/Edit a zone like usual
• Link the zone to a DNS server(s) as needed
• Enable DNSSEC for the zone (image)
• Push zone successfully
• You will now have a “DS Records” section on the zone page (image)
• Upload these values to your Zone Registrar (image - label fields)
  
  • DS Record #, Key Tag, Algorithm, Digest Type, Digest
• Confirm values are saved at the Zone Registrar
• Check DNSSEC status of zone
  
  • ProVision GUI (image)
    
    • DNSSEC column
      • Means that DNSSEC has been enabled for the zone
    • DS column
      • Red X means DS keys have been generated only
      • Green AD means DS keys have been generated AND the Authenticated Data has been verified by the external server (DNS Admin setting)
  • External sites
    • http://dnssec-debugger.verisignlabs.com/
    • http://dnsviz.net/

In this scenario, 6connect ProVision uses the DNSSEC signing functions of the respective environment we write the zones to.