How do I set up DNSSEC for my domain?

vweiss
2021-04-16 12:20

We offer various options for setting up and activating DNSSEC for your domain. Here we would like to explain the various options to you:

Automatic DNSSEC mode
Note: The automatic mode only works for domains that use the INWX name servers. If you use your own or external name servers, please do not use this function or your domain will be no longer accessible after activation!

  1. In your customer area, click on the menu item 'DNSSEC' in the left side menu.
  2. Click the 'Add DNSSEC' button on the right above the overview.
  3. In the 'Domain' field, enter the name of the domain that you want to secure with DNSSEC.
  4. Leave the 'automatic mode' option checked and click 'Save'.
  5. The DNS zone is now signed and DNSSEC is enabled for your domain. You will receive a further confirmation by email. Activation is now complete.

Set up DNSSEC manually
If you operate your own name server, provide our name server with DNS entries via a hidden primary server or use external name servers from a provider of your choice, you can set up DNSSEC manually. If necessary, ask your name server operator for the DNSSEC key for your domain!

  1. In your customer area, click on the menu item 'DNSSEC' in the left sidemenu.
  2. Click on the 'Add DNSSEC' button on the right above the overview.
  3. In the 'Domain' field, enter the name of your domain that you want to secure with DNSSEC.
  4. Deactivate the 'automatic mode' option. Two more fields appear for entering 'DNSKEY' and 'DS' (Digest).
    • Note: Some domain extensions only support DNSKEY and not DS as the DNSSEC method.
      If you are not sure which DNSSEC type your domain supports, we recommend setting it up with DNSKEY.
      Then leave the option 'Auto calculate digest' activated
  5. In the following we explain the structure of the respective entries. Values that you need to adjust are indicated in curly brackets.
    • The syntax of the DNSKEY is as follows:
      {example.com}. IN DNSKEY 257 3 {ALG} {PUBKEY}
      example.com: your domain name
      ALG: algorithm
      PUBKEY: the public key
    • The syntax of the DS (Digest) is as follows:
      {example.com}. IN DS {KEYTAG} {ALG} {TYP} {DIG}
      example.com: your domain name
      KEYTAG: the key tag ID of the digest
      ALG: algorithm
      TYPE: the type of digest
      DIG: the digest itself (public digest)
      • Note 1: If you want to insert several DS (Digest), please enter them individually. Multiple DSs cannot be processed at the same time.
        In this case, repeat the process several times.
      • Note 2: The period after your domain name is not an error. This is used for scheduling and must also be specified.
      • Note 3: Only the KSK (Key Signing Key) is required for the DNSKEY. You can recognize the KSK by the flag: 257
  6. Now save the entries by clicking on 'Save'. The keys you entered will now be activated for your domains.
    As soon as the process is completed (duration: approx. 10 to 15 minutes), you will receive a confirmation by email. If errors occur while typing, the status of the key is marked as 'Delayed'. In this case, please contact our support.

 

Tags: DNSSEC, Nameserver
Average rating: 0 (0 Votes)

You cannot comment on this entry