Configuring DNSSEC
DNSSEC Implementation
How to enable DNSSEC (per zone) via the ProVision GUI
- Set external server for Authenticated Data verification (DNS Admin setting)
- Create/Edit a zone like usual
- Link the zone to a DNS server(s) as needed
- Enable DNSSEC for the zone (image)
- Push zone successfully
- You will now have a “DS Records” section on the zone page (image)
- Upload these values to your Zone Registrar (image - label fields)
- DS Record #, Key Tag, Algorithm, Digest Type, Digest
- Confirm values are saved at the Zone Registrar
- Check DNSSEC status of zone
- ProVision GUI (image)
- DNSSEC column
- Means that DNSSEC has been enabled for the zone
- DS column
- Red X means DS keys have been generated only
- Green AD means DS keys have been generated AND the Authenticated Data has been verified by the external server (DNS Admin setting)
- DNSSEC column
- External sites
- ProVision GUI (image)
For BIND
Coming soon
For DynECT
Coming soon
For Secure64 and PowerDNS
DNSSEC Signatures
In this scenario, 6connect ProVision uses the DNSSEC signing functions of the respective environment we write the zones to.