Some registrars does not support DS records and then you will have to submit the public keys instead of DS records
Follow the instructions below to submit ZSK and KSK to SIDN
1. Get the ZSK and KSK :
* In cPanel, the keys are located under /var/named/KSK and /var/named/ZSK
Example : /var/named/KSK/Ktestdomain.com.+008+24421.key
: /var/named/ZSK/Ktestdomain.+008+57669.key
* In Plesk, the keys are located under /var/named/chroot/var/KSK & /var/named/chroot/var/ZSK
or /var/named/run-root/var/KSK & /var/named/run-root/var/ZSK
2. Get the key part from the ZSK and KSK.
The ZSK looks like below:
testdomain.com. IN DNSKEY 256 3 8 AwEAAe+Bf/9gb6VttcH3PMGK882gYsBbJZM9fmpabm1UPy61pFhHYbeD zFk7VFqRJYV7YX+qt+BmOGIx5VkrFDPpEInTlr0fK3daNU+NI720eiXz BqmUHhMivCNgGcIsJ1RssnCNVZ3rL+M/DVP/zY33baIKNV73/8odOgCl upQUI3Bn
here, "AwEAAe+Bf/9gb6VttcH3PMGK882gYsBbJZM9fmpabm1UPy61pFhHYbeD zFk7VFqRJYV7YX+qt+BmOGIx5VkrFDPpEInTlr0fK3daNU+ NI720eiXz BqmUHhMivCNgGcIsJ1RssnCNVZ3rL+M/DVP/zY33baIKNV73/8odOgCl upQUI3Bn" is the ZSK
KSK looks like below:
testdomain.com. IN DNSKEY 257 3 8 AwEAAfCrDuxo5Qxm7lN4rep9j9a+b3w0yyL+2LTAfnZm6EB6UKEgnKAq F9yFxl5QI4BWOnVTrGqp8igG/1TxpSpyRdl9cbSsKHFHy8haITxR4R57 MCK87voFURE2/J1d9MMuFkv6/g4Gfkr6tS9Jvo+HsKx+KAD6Kv9vWgHY fhyWiomLvVWR4k5vMxiU+i5IdqoOk+mGz+jDO/NUW/POuGahtY1U2BuS PU6fRZFz6r+QXkvA51VAhb6dn4/BlYieX9k1N73iDDNm8kCO58T1CSm7 80oybQI0srdW6TJN1Cja58v5m/om8gOaQJXKi7Dz/uZvkbMQMSPpx8Y0 Lj1vTywoBkc=
here, "AwEAAfCrDuxo5Qxm7lN4rep9j9a+b3w0yyL+2LTAfnZm6EB6UKEgnKAq F9yFxl5QI4BWOnVTrGqp8igG/1TxpSpyRdl9cbSsKHFHy8h aITxR4R57 MCK87voFURE2/J1d9MMuFkv6/g4Gfkr6tS9Jvo+HsKx+KAD6Kv9vWgHY fhyWiomLvVWR4k5vMxiU+i5IdqoOk+mGz+jDO/NUW/POuGahtY1U2BuS PU6fRZFz6r+QXkvA51VAhb 6dn4/BlYieX9k1N73iDDNm8kCO58T1CSm7 80oybQI0srdW6TJN1Cja58v5m/om8gOaQJXKi7Dz/uZvkbMQMSPpx8Y0 Lj1vTywoBkc=" is the KSK
3. Login to SIDN, and under DNSSEC options, choose any number as Keytag. Example : 45334
flag : ZSK
Algorithm : RSA/SHA-256(8)
Public Key : Paste the ZSK
Add a new entry and
flag : KSK
Algorithm : RSA/SHA-256(8)
Public Key : Paste the KSK
That's it. Now wait till the DNS data is updated and after that you should be able to validate DNSSEC