Enabling DNSSSEC on your DirectAdmin server


Enter Your Query:
Use '%' for wildcards and quotes for "exact phrases"


Top Level » DNS » DNSSEC

Enabling DNSSSEC on your DirectAdmin serverLast Modified: Oct 30, 2016, 4:28 pm
DNSSEC is a tool used to verify the validity of a dns lookup.
  • You can enable this feature in DirectAdmin 1.44.1 and newer by typing:

    cd /usr/local/directadmin/scripts
    ./dnssec.sh install

    which should confirm if your named.conf is set, and will enable the dnssec=1 in the directadmin.conf automatically.   If the script thinks you're missing anything from your named.conf, it will tell you what to add.

  • To enable DNSSEC on a domain, go to:

    Admin Level -> DNS Admin -> domain.com

    1. Click "Generate Keys"
    2. then click "Sign"
    3. You should now see values at the bottom of the zone.   Copy the 2 DS records, and paste them into your domain registrar's website.
      A sample DS value might look like this, with the following tags:
      Key TagAlgorithmDigest TypeDigest
      2752951BF698E47B53CC0B887AAF07B84586ABB289E3AAB
      Where spaces are normal in the Digest Type=2, so be sure to paste in the whole Digest value.
  • If you have any subdomains created as full domains, you'll need to follow extra steps to continue the chain of trust up the line into the main domain's zone. For normal subdomains created under a domain, no extra action is required, as they're part of the domain's normal zone.
 
Related Helpfiles
Disabling DNSSEC for a domain
Enabling DNSSEC for a Sub-Domain created as a full domain in DirectAdmin

© 2018 JBMC Software, Suite 173  3-11 Bellerose Drive, St Albert, AB  T8N 1P7  Canada.  Mon-Fri 9AM-5PM MST