You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 4 Next »

Configuring DNSSEC

 

DNSSEC Implementation

How to enable DNSSEC (per zone) via the ProVision GUI

  • Set external server for Authenticated Data verification (DNS Admin setting)
  • Create/Edit a zone like usual
  • Link the zone to a DNS server(s) as needed
  • Enable DNSSEC for the zone (image)
  • Push zone successfully
  • You will now have a “DS Records” section on the zone page (image)
  • Upload these values to your Zone Registrar (image - label fields)
    • DS Record #, Key Tag, Algorithm, Digest Type, Digest
  • Confirm values are saved at the Zone Registrar
  • Check DNSSEC status of zone
    • ProVision GUI (image)
      • DNSSEC column
        • Means that DNSSEC has been enabled for the zone
      • DS column
        • Red X means DS keys have been generated only
        • Green AD means DS keys have been generated AND the Authenticated Data has been verified by the external server (DNS Admin setting)
    • External sites

For BIND

Coming soon

For DynECT

Coming soon

For Secure64 and PowerDNS

DNSSEC Signatures

In this scenario, 6connect ProVision uses the DNSSEC signing functions of the respective environment we write the zones to.

  • No labels