DNSSEC settings .co.za

grynge

Here is an unusual problem I guess most people don't have to worry about.

When I sign my domains with DNSSEC it normally is
Flag xxxxx Algorithm/Protocol 8 Digest 1 or 2 PublicKey xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

The Algorithm/Protocol is always 8 and Digest is 1 or 2.
This seems to work fine for most domains: .net, .com, .com.au, etc.

I have a problem trying to sign a .co.za at the registrar.

[COMMAND]
COMMAND = MODIFYDOMAIN
ADDSECDNS-KEY0 = xxxxx 8 1 xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
DOMAIN = domain.co.za
EOF

[RESPONSE]
CODE = 505
DESCRIPTION = Invalid attribute value syntax; SECDNS-KEY0 - flags INVALID (use 0, 256 or 257)
EOF

Any idea how I go about changing the Algorithm/Protocol to 0 256 or 257?

Hoping someone can point me in the right direction, thanks in advance.
 
 
Hi Active8,
Thanks for that. I do understand it a little, but what I don't know is how to change the auto making in DirectAdmin, where it constantly makes the Algorithm 8. I don't know how to change that to what I think is the required 0, 256 or 257.

From Registry.net.za
Notes

1. The <secDNS:create> element must be used to specify the DNSSEC data.

2. The <secDNS:maxSigLife> element must contain the lifespan of the applied key, in seconds.

3. Signing key information must be included in the child elements of the <secDNS:KeyData> element.

4. The <secDNS:flags> element MUST have a value of "257". This indicates that the information to follow represents a zone signing key.

5. The <secDNS:protocol> element MUST have a value of "3".

6. The <secDNS:alg> element MUST represent the type of key being used to sign the zone. The value MUST match one of the available values listed here. The most typical value is "8", representing a RSA/SHA256 key type.

7. The entire key must be included in the <secDNS:pubKey> element.
 
Actually I've been reading it wrong. It's not the Algorithm that needs to be changed, it's the Flags, but in DirectAdmin the flags are set to what seems to me to be correct:
DNSKEY 256 3 8 AwEAAcCORCfblahblahblah
DNSKEY 257 3 8 AwEAAdVnRblahblahblah

So that stuffs me up lol. Even if I could change them, what do I change them to? They are set correctly.
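Added example, not part of the thread and not DirectAdmin or registrar code: a pre-submission check that tells key data (flags, protocol, algorithm, public key, as on the DNSKEY lines above) apart from DS data (key tag, algorithm, digest type, digest), and derives the DS form from a DNSKEY per RFC 4034. It assumes the registrar's KEY0 field takes the four DNSKEY fields in that order; the key `AQAB` is a constructed toy value.

```python
import base64
import hashlib
import struct

KEY_FLAGS = {0, 256, 257}  # the values the registrar's 505 response accepts

def parse_dnskey(text):
    """Parse 'flags protocol algorithm pubkey', with or without a leading 'DNSKEY'."""
    parts = text.split()
    if parts and parts[0].upper() == "DNSKEY":
        parts = parts[1:]
    if len(parts) < 4:
        raise ValueError("expected: flags protocol algorithm pubkey")
    flags, protocol, alg = (int(p) for p in parts[:3])
    if flags not in KEY_FLAGS:
        # A DS record starts with a key tag (0-65535), which lands in this slot.
        raise ValueError(f"flags {flags} invalid: this looks like DS data, not key data")
    if protocol != 3:
        raise ValueError("protocol must be 3")
    return flags, protocol, alg, base64.b64decode("".join(parts[3:]), validate=True)

def rdata(flags, protocol, alg, pubkey):
    """DNSKEY RDATA in wire format (RFC 4034 section 2.1)."""
    return struct.pack("!HBB", flags, protocol, alg) + pubkey

def key_tag(rd):
    """Key tag over the RDATA (RFC 4034 Appendix B)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rd))
    return (acc + (acc >> 16)) & 0xFFFF

def owner_wire(name):
    """Owner name in canonical wire format: lowercase, length-prefixed labels."""
    labels = name.rstrip(".").lower().split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def ds_from_dnskey(owner, dnskey_text, digest_type=2):
    """Return the DS form 'keytag algorithm digesttype digest' for one DNSKEY."""
    flags, protocol, alg, pubkey = parse_dnskey(dnskey_text)
    rd = rdata(flags, protocol, alg, pubkey)
    hasher = {1: hashlib.sha1, 2: hashlib.sha256}[digest_type]
    digest = hasher(owner_wire(owner) + rd).hexdigest().upper()
    return f"{key_tag(rd)} {alg} {digest_type} {digest}"

if __name__ == "__main__":
    sample = "DNSKEY 257 3 8 AQAB"  # constructed toy key, not a real one
    print("key data:", sample.split(None, 1)[1])
    print("DS data: ", ds_from_dnskey("domain.co.za", sample))
```

Feeding the DS output back into `parse_dnskey` raises the same kind of "flags invalid" complaint as the registrar response quoted in the first post.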
 