Articles in this section

Adding DNSSEC to a Domain Name

Avatar
Yaro T
  • Updated
Follow

What is DNSSEC?

DNSSEC is a technology that digitally 'signs' data so a site is protected against attacks.   It helps protect against forged DNS data. The goal is to provide assurance that the DNS records provided to the user are the same as the DNS records published on the DNS server. 

How to configure DNSSEC

DNSSEC support must be enabled with your current DNS provider. At this time, Our default name servers do not support the creation of the appropriate resource records to create a proper DNSSEC chain.

If your DNS provider has enabled DNSSEC support, they will also provide you a corresponding Delegation Signer (DS) record that will need to be added to the appropriate registry's DNS zone.

If you do not have access to our Reseller API,  please submit a Support Request with the DS record while logged into your account so that we may update this record on your behalf.

If you are an Enom.com Reseller, you may update,add or delete DS records by utilizing the following API calls:

https://www.enom.com/api/API%20topics/api_adddnssec.htm
https://www.enom.com/api/API%20topics/api_getdnssec.htm
https://www.enom.com/api/API%20topics/api_deletednssec.htm

Components of DNSSEC

There are 6 components to a DS key:

  1. Domain Name - The domain name of the DNSSEC
  2. TTL  - The time to live
  3. Key Tag- A numerical value that is used to identify the DNSSEC record.
  4. Algorithm - The the algorithm used to generate the signature.
    • 3 for DSA/SHA1
    • 5 for RSA/SHA1
    • 6 for DSA-NSEC3-SHA1
    • 7 for RSASHA1-NSEC3-SHA1
    • 8 for RSA/SHA-256
    • 9 for RSA/SHA-512
  5. Digest Type - The algorithm type that was used to construct the digest.
    • 1 for SHA-1
    • 2 for SHA-256
  6. Digest - A string value generated by the algorithm.

The components are usually generated and submitted in the bind format, and appears as follows:

  • example.com.        IN DS 54321 8 1 1234567891012345678910

 

Related articles

Comments

2 comments

Sort by Date Votes

Please sign in to leave a comment.