Disabling DNSSEC for a domain


Enter Your Query:
Use '%' for wildcards and quotes for "exact phrases"


Top Level » DNS » DNSSEC

Disabling DNSSEC for a domainLast Modified: Oct 16, 2018, 11:29 pm
DirectAdmin has supported DNSSEC since version 1.44.2, info here:
https://www.directadmin.com/features.php?id=1535

After enabling this for a domain, if you wish to disable DNSSEC, use this guide.

Let's assume you have it enabled for
  1. Edit the named.conf. Change the zone entry for that domain from domain.com.db.signed to domain.com.db
  2. Delete the files:

    /var/named/domain.com.ksk.*
    /var/named/domain.com.zsk.*
    /var/named/domain.com.db.signed

    Note: Debian: use /etc/bind/ or FreeBSD: /etc/namedb/
  3. restart named
  4. Make you you clear the DNSSEC keys from your domain registrar too.

  5. If you're running the Multi-Server Setup, you'll want to push the change over to the remote box. Run this on the master:

    echo 'action=rewrite&value=named&domain=domain.com' >> /usr/local/directadmin/data/task.queue

  6. and confirm the local zone matches the remote zone.
 
Related Helpfiles
Enabling DNSSSEC on your DirectAdmin server

© 2018 JBMC Software, Suite 173  3-11 Bellerose Drive, St Albert, AB  T8N 1P7  Canada.  Mon-Fri 9AM-5PM MST