dnssec keys how to

Awd · Jul 1, 2017

Hello,

I have enabled dnssec in Directadmin.
at my provider I can add dnssec keys, but I have no idea what exactly to fill in.
Do I have to add KSK and ZSK both or only the key for KSK?
Witch algorithm do I have to set?

Key tag: I assume the Key ID
Algorithm ?
Flags_ KSK or ZSK or both?
Public key: AwEAAar4XmCenRNPiob5EVqprRcCbsKrYoX1gGSd7d5I71b65YLWCDUi qt1tihnrgGmS0t4bnE4VTTrLLnyIltVi3Do0kvWvIcJ0miYfWfvT0VP5 1q/wbrOhW5pnO7nhofBRnCV4aHNq3OqOILANRTqsagSSdspNlJhFV8Qw zdT8RTD

example of zsk key in directadmin
DNSKEY 256 3 8 AwEAAar4XmCenRNPiob5EVqprRcCbsKrYoX1gGSd7d5I71b65YLWCDUi qt1tihnrgGmS0t4bnE4VTTrLLnyIltVi3Do0kvWvIcJ0miYfWfvT0VP5 1q/wbrOhW5pnO7nhofBRnCV4aHNq3OqOILANRTqsagSSdspNlJhFV8Qw zdT8RTD

Thanks
Fred

Awd · Jul 2, 2017

I found this threat http://forum.directadmin.com/showthread.php?t=54263

So I have to remove the white spaces in key/digest. I assume the right algorithm is RSA-SHA 256(8).
Do I have to publish both (KSK and ZSK?) I read somewhere that KSK is enough.

zEitEr · Jul 2, 2017

Hello Fred,

The requirements differ from zone to zone (TLD). So you need to consult with your registrar.

ikkeben · Jul 2, 2017

you did this ?
https://help.directadmin.com/item.php?id=651

Awd · Jul 3, 2017

Yes, I did. For me it was enough to publish the KSK key.
Key tag: Key ID
Algorithm RSA-SHA 256(8)
Flags_ KSK
Public key: the key generated through directadmin, don´t forget to remove whithespaces and to sign them.

dnssec keys how to

Awd

Verified User

Awd

Verified User

zEitEr

Super Moderator

ikkeben

Verified User

Awd

Verified User