Solved DNSSEC & Multi-Server

[Daniel-Doggy]

Hello everyone,

I am planning on moving my domains to a new registar that support DNSSEC for the domains. (And for some other reasons.)

I know DirectAdmin supports DNSSEC but I cannot find anywhere if it also works with a multi-server setups or if a multi-server setup requires addition (manual) step to properly setup.

So does anyone know if DNSSEC works out of the box with multi-server setups or does it require addional configuration? (Since I use multi-server to have a redundant NameServer.)

Thanks in advance.

 

[DrWizzle]

From the admin control panel, select DNS Administration, then select the domain you want to add DNSSEC to. In the right hand corner at the top, you'll see DNSSEC.

Then select generate keys, accept the warning and you're given this:

Think that's what you need? For some reason, DNSSEC isn't available on the DNS Administration as a user. Not sure if that's a bug, or by design. Sure a few others here may be able to let you know

 

[Richard G]

So does anyone know if DNSSEC works out of the box with multi-server setups or does it require addional configuration? (Since I use multi-server to have a redundant NameServer.)

Short answer: yes that works out of the box with multi-server setup. However, DNSSEC itself does not work out of the box probably.
You need the dnssec=1 in your directadmin.conf file.
da config-set --restart dnssec 1

Once you have that, you can generate DNSSEC key, also on user level provided the user has DNS administration in his package.
It's a little link in the right upper corner if you use the icon grid display.

 

[Daniel-Doggy]

I managed to configure it and it just works after turning on DNSSEC.

The only thing I want to add is:
DNSSEC cannot be managed a user level.
You need admin access to setup and see the DNSSEC records.
DNSSEC is not shown anywhere on user level.

EDIT:
Not completely true. You need to add an extra setting to directadmin to allow users to add DNSSEC. See my post below.

 

[Richard G]

The only thing I want to add is:

You are mistaken. Did you look where I said on user level? Upper right corner in DNS administration?
The user level needs DNS Administration activated.

Once activated, the user -can- generate DNSSEC keys and they are also shown at userlevel. I attached a screenshot so you can see.

 

[Daniel-Doggy]

The DNSSEC button on user level is not visible and or accessible by default.
It is a different setting that you need to add to allow DNSSEC on user level.
See: https://docs.directadmin.com/other-hosting-services/dns/maintaining-records.html

 

[DrWizzle]

The DNSSEC button on user level is not visible and or accessible by default.
It is a different setting that you need to add to allow DNSSEC on user level.
See: https://docs.directadmin.com/other-hosting-services/dns/maintaining-records.html

Cheers for that. That would answer my comment above as to why DNSSEC isn't there by default on a user's account. If i'm totally honest, I only use DNSSEC on my main company domain and have never had any requests for it, so it's never been that high on my priorities to find out why it was missing.

 

[Richard G]

Yes well... my problem is that I'm getting older and sometimes have activated things from which I think should be enabled by default anyway. When installing a new server or extra server, I compare the directadmin.conf files and then make them the same.
And then I have a memory leak after some time and totally forget that this was not enabled by default and even forgot it was a seperate option.