How do I set up DNSSEC for my domain?

MBA,SBROCKMANN
2019-11-15 13:10

At INWX we offer you various options to set up and activate DNSSEC for your domain. The options are explained below.

Automatic DNSSEC mode

Note: The automatic mode only works for domains that use the INWX name servers. If you use your own or external name servers, please do not use this function. Your domain would no longer be accessible after activation!

  1. Click on the menu item "DNSSEC" in your customer area.
  2. Click on the button "Add DNSSEC" above the overview on the right.
  3. In the "Domain" field, enter the name of the domain you want to secure with DNSSEC.
  4. Keep the option "automatic mode" activated and click "Save".
  5. The DNS zone will now be signed and DNSSEC will be activated for your domain. You will then receive another confirmation e-mail. Activation is now complete.

Setting up DNSSEC manually

If you operate your own name servers, supply our name servers with DNS entries via hidden primary or use external name servers from a provider of your choice, you can set up DNSSEC manually. If necessary, please ask your name server provider for the DNSSEC keys of your domain!

  1. Click on the menu item "DNSSEC" in your customer area on the left.
  2. Click on the button "Add DNSSEC" above the overview on the right.
  3. In the "Domain" field, enter the name of the domain you want to secure with DNSSEC.
  4. Deactivate the "automatic mode" option. Two further fields appear for entering the "DNSKEY" and the "DS" (Digest).
    • Note: Some domain extensions only support DNSKEY and not DS as the DNSSEC method.
      If you are not sure which DNSSEC type your domain supports, we recommend using DNSKEY.
      Leave the option "Auto calculate digest" activated.
  5. Below we explain the structure of the respective entries. Values you have to adjust are marked in braces.
    • The syntax of the DNSKEY is as follows:
      {beispiel.de}. IN DNSKEY 257 3 {ALG} {PUBKEY}
      beispiel.de: Your domain name
      ALG: Algorithm
      PUBKEY: The public key
    • The syntax of the DS (Digest) is as follows:
      {beispiel.de}. IN DS {KEYTAG} {ALG} {TYPE} {DIG}
      beispiel.de: Your domain name
      KEYTAG: The Key-Tag ID of the Digest
      ALG: Algorithm
      TYPE: The type of digest
      DIG: The digest itself (public digest)
      • Note 1: If you want to insert several DS (Digest), please enter them individually. Several DS cannot be processed at the same time.
        In this case, carry out the procedure several times.
      • Note 2: The dot after your domain name is not an error. This is used for termination and is mandatory.
      • Note 3: The DNSKEY only requires the KSK (Key Signing Key). You can recognize the KSK by the flag: 257
  6. Now save the entries by clicking on "Save". Your entered keys will now be activated for your domains.
    As soon as the process is completed (duration: approx. 10 to 15 minutes), you will receive a confirmation e-mail. If errors occur during registration, the status of the key will be marked as "Delayed". In this case, please contact our support.
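
If your name server provider hands you both a DNSKEY and a DS, you can cross-check them before entering them. The following is an added example, not INWX code: it derives the DS line (key tag per RFC 4034 Appendix B, SHA-256 digest, digest type 2) from a KSK line in the DNSKEY syntax shown above. The function names and the sample key are constructed for illustration.

```python
import base64
import hashlib

# Constructed sample: 64 placeholder bytes standing in for an ECDSA P-256
# public key (algorithm 13). Not a real key.
SAMPLE_DNSKEY = "beispiel.de. IN DNSKEY 257 3 13 " + base64.b64encode(bytes(range(64))).decode()


def parse_dnskey(line):
    """Split '{name}. IN DNSKEY {flags} {proto} {alg} {pubkey}' into its fields."""
    fields = line.split()
    if len(fields) < 7 or [f.upper() for f in fields[1:3]] != ["IN", "DNSKEY"]:
        raise ValueError("expected '<name>. IN DNSKEY <flags> <proto> <alg> <pubkey>'")
    owner = fields[0]
    if not owner.endswith("."):
        raise ValueError("owner name must end with the terminating dot")
    flags, proto, alg = (int(x) for x in fields[3:6])
    if flags != 257:
        raise ValueError(f"flags={flags}: only the KSK (257) is entered at the registrar")
    if proto != 3:
        raise ValueError("DNSKEY protocol field must be 3")
    pubkey = base64.b64decode("".join(fields[6:]), validate=True)  # key may be split by spaces
    return owner, flags, proto, alg, pubkey


def key_tag(rdata):
    """RFC 4034 Appendix B checksum over the DNSKEY RDATA (not valid for algorithm 1)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def owner_to_wire(owner):
    """Canonical (lower-case) wire form: length-prefixed labels, root label last."""
    labels = owner.lower().rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def dnskey_to_ds(line):
    """Return the DS line (digest type 2 = SHA-256) for a KSK DNSKEY line."""
    owner, flags, proto, alg, pubkey = parse_dnskey(line)
    rdata = flags.to_bytes(2, "big") + bytes([proto, alg]) + pubkey
    digest = hashlib.sha256(owner_to_wire(owner) + rdata).hexdigest().upper()
    return f"{owner.lower()} IN DS {key_tag(rdata)} {alg} 2 {digest}"


if __name__ == "__main__":
    print(dnskey_to_ds(SAMPLE_DNSKEY))
```

If the computed key tag or digest differs from the DS you were given, the two records do not belong to the same key and should not be entered together.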
Tags: DNS, DNSKEY, DNSSEC, DS