How to set up DNSSEC with SIDN

Some registrars do not support DS records. In that case you have to submit the public keys instead of DS records.

Follow the instructions below to submit the ZSK and KSK to SIDN.

1. Get the ZSK and KSK:

    * In cPanel, the keys are located under /var/named/KSK and /var/named/ZSK
      Example: /var/named/KSK/Ktestdomain.com.+008+24421.key
               /var/named/ZSK/Ktestdomain.+008+57669.key

    * In Plesk, the keys are located under /var/named/chroot/var/KSK and /var/named/chroot/var/ZSK,
      or /var/named/run-root/var/KSK and /var/named/run-root/var/ZSK

2. Get the key part from the ZSK and KSK.

The ZSK looks like this:

testdomain.com. IN DNSKEY 256 3 8 AwEAAe+Bf/9gb6VttcH3PMGK882gYsBbJZM9fmpabm1UPy61pFhHYbeD zFk7VFqRJYV7YX+qt+BmOGIx5VkrFDPpEInTlr0fK3daNU+NI720eiXz BqmUHhMivCNgGcIsJ1RssnCNVZ3rL+M/DVP/zY33baIKNV73/8odOgCl upQUI3Bn

Here, "AwEAAe+Bf/9gb6VttcH3PMGK882gYsBbJZM9fmpabm1UPy61pFhHYbeD zFk7VFqRJYV7YX+qt+BmOGIx5VkrFDPpEInTlr0fK3daNU+NI720eiXz BqmUHhMivCNgGcIsJ1RssnCNVZ3rL+M/DVP/zY33baIKNV73/8odOgCl upQUI3Bn" is the ZSK.


The KSK looks like this:

testdomain.com. IN DNSKEY 257 3 8 AwEAAfCrDuxo5Qxm7lN4rep9j9a+b3w0yyL+2LTAfnZm6EB6UKEgnKAq F9yFxl5QI4BWOnVTrGqp8igG/1TxpSpyRdl9cbSsKHFHy8haITxR4R57 MCK87voFURE2/J1d9MMuFkv6/g4Gfkr6tS9Jvo+HsKx+KAD6Kv9vWgHY fhyWiomLvVWR4k5vMxiU+i5IdqoOk+mGz+jDO/NUW/POuGahtY1U2BuS PU6fRZFz6r+QXkvA51VAhb6dn4/BlYieX9k1N73iDDNm8kCO58T1CSm7 80oybQI0srdW6TJN1Cja58v5m/om8gOaQJXKi7Dz/uZvkbMQMSPpx8Y0 Lj1vTywoBkc=

Here, "AwEAAfCrDuxo5Qxm7lN4rep9j9a+b3w0yyL+2LTAfnZm6EB6UKEgnKAq F9yFxl5QI4BWOnVTrGqp8igG/1TxpSpyRdl9cbSsKHFHy8haITxR4R57 MCK87voFURE2/J1d9MMuFkv6/g4Gfkr6tS9Jvo+HsKx+KAD6Kv9vWgHY fhyWiomLvVWR4k5vMxiU+i5IdqoOk+mGz+jDO/NUW/POuGahtY1U2BuS PU6fRZFz6r+QXkvA51VAhb6dn4/BlYieX9k1N73iDDNm8kCO58T1CSm7 80oybQI0srdW6TJN1Cja58v5m/om8gOaQJXKi7Dz/uZvkbMQMSPpx8Y0 Lj1vTywoBkc=" is the KSK.


3. Log in to SIDN and, under DNSSEC options, choose any number as the Keytag. Example: 45334

Flag: ZSK
Algorithm: RSA/SHA-256 (8)
Public Key: Paste the ZSK

Add a new entry with:
Flag: KSK
Algorithm: RSA/SHA-256 (8)
Public Key: Paste the KSK

That's it. Now wait until the DNS data is updated; after that you should be able to validate DNSSEC.
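Step 2 as an added example (not part of the original article or the plugin's code): a Python helper that reads the DNSKEY line of a K*.key file, reports ZSK or KSK from the flags field (256 or 257), and joins the base64 chunks into the single string to paste. It goes beyond the article by also computing the RFC 4034 key tag, which is the last number in the key file name; the function names and the sample record are constructed for illustration.

```python
import base64
import struct

ROLES = {256: "ZSK", 257: "KSK"}  # DNSKEY flag values used in the records above

def key_tag(flags, protocol, algorithm, key):
    """Key tag per RFC 4034 Appendix B: 16-bit checksum over the DNSKEY RDATA."""
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + key
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def parse_dnskey(line):
    """Turn one DNSKEY line from a K*.key file into the values the form asks for."""
    fields = line.split(";", 1)[0].split()      # drop any trailing ';' comment
    if "DNSKEY" not in fields:
        raise ValueError("not a DNSKEY record")
    i = fields.index("DNSKEY")
    if len(fields) < i + 5:
        raise ValueError("DNSKEY record is truncated")
    flags, protocol, algorithm = (int(f) for f in fields[i + 1:i + 4])
    if flags not in ROLES:
        raise ValueError(f"unexpected DNSKEY flags value {flags}")
    if protocol != 3:
        raise ValueError("DNSKEY protocol field must be 3")
    public_key = "".join(fields[i + 4:])        # base64 chunks joined, no spaces
    raw = base64.b64decode(public_key, validate=True)  # rejects a damaged paste
    return {"role": ROLES[flags], "algorithm": algorithm, "public_key": public_key,
            "key_tag": key_tag(flags, protocol, algorithm, raw)}

def parse_key_file(text):
    """Return the parsed DNSKEY record from the text of a K*.key file."""
    for line in text.splitlines():
        if line.strip() and not line.lstrip().startswith(";"):
            return parse_dnskey(line)
    raise ValueError("no DNSKEY record found")

# Constructed sample (not a real key): 4-byte key material, base64 split by a space
SAMPLE = "; constructed sample\nexample.test. IN DNSKEY 257 3 8 AQID BA==\n"

if __name__ == "__main__":
    for name, value in parse_key_file(SAMPLE).items():
        print(f"{name}: {value}")
```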
