DNSSEC

From ISPWiki

The DNSSEC plug-in is deprecated starting from version 5.155. See the article "DNSSEC configuration".

Available in DNSmanager starting from 5.59.

On CentOS 6, update the system sqlite3 package for correct operation:

wget ftp://ftp.pbone.net/mirror/ftp5.gwdg.de/pub/opensuse/repositories/Application:/Geo/CentOS_6/x86_64/sqlite-3.8.8.1-142.1.x86_64.rpm
yum localinstall sqlite-3.8.8.1-142.1.x86_64.rpm

By default, DNSmanager does not support DNSSEC (Domain Name System Security Extensions), but you can install a free plug-in in order to enable this feature (only for named).

Log in to DNSmanager as Admin, go to Modules, and click "Install" next to "DNSSEC".

Make sure that the commands return valid results:

/usr/local/mgr5/sbin/mgrctl -m dnsmgr pathlist elid=DomainZonesPath
/usr/local/mgr5/sbin/mgrctl -m dnsmgr pathlist elid=named.conf
/usr/local/mgr5/sbin/mgrctl -m dnsmgr pathlist elid=ndc
/usr/local/mgr5/sbin/mgrctl -m dnsmgr paramlist elid=DNS

Once you are done with the plug-in installation, in the edit form of a master domain name you will see the DNSSEC check box.


Due to peculiarities of DNSmanager, if you select the "DNSSEC" check box when creating a domain name, the zone file will be signed by a cron job, which runs once a minute. If you select the check box while editing the domain, the zone file will be signed immediately.

A new directory is created when the zone file is signed:

path_to_zone_file/dnssec/owner_name/domain_name

The dnssec-keygen utility generates the required key in this directory. The dnssec-signzone utility signs the zone file. The path to the zone file is changed in the named configuration file.

The DS record will be displayed in the interface. It should be passed to the domain's registrar. You only need to open the domain edit form after the zone file is signed (if the check box was selected during domain creation, the record will be added in a minute).