Configure DNSSEC in the resellers control panel or mwi

 

DNSSEC stands for DNS Security Extensions, and it is designed to protect Internet resolvers (clients) from forged DNS in order to prevent DNS tampering. DNSSEC works by digitally signing the DNS records at the authoritative DNS server. By checking the digital signature, a DNS resolver knows whether the information it receives is identical (correct and complete) to the information on the authoritative DNS server. This attests to the validity of the address, and ensures that the site you visit is the one you intended to go to rather than a site where your personal information could be compromised. If the DNS cannot be authenticated, your browser won't display the site.

Your DNS provider supplies the DNSSEC values that you enter for your domains.

Note:OpenSRS does not do any DNSSEC validation; we simply pass the DNSSEC values on to the registry. If SystemDNS nameservers are being used, DNSSEC is not supported.

You cannot assign DNSSEC values to the domain at the time that you register it, but once the domain is registered, you can modify it and add the DNSSEC values.  There is no charge for this service.

Permissions

If a user has permission to add/modify DNS settings, then they can also add/modify DNSSEC records.

Adding DNSSEC in the Resellers Control Panel

1. Log into the Resellers Control Panel.

2. Click Domains.

3. Filter/search for the domain for which you would like to manage DNSSEC.

4. Click the domain name.

5. Scroll down to the DNSSEC section and click Edit.

6. Complete the four fields with information obtained from the DNS provider:

  • Key Tag:An integer value that is used to identify the DNSSEC record.
  • Algorithm Type:From the drop-down list, choose the algorithm used to generate the signature.
  • Digest Type:From the drop-down list, choose the algorithm type that was used to construct the digest.
  • Digest:A string value generated by the algorithm.

 

Adding DNSSEC in the Resellers Control Panel

7. ClickSave.

Modifying and Removing DNSSEC in the Resellers Control Panel

To modify or delete the DNSSEC information for a domain, access the domain in the Resellers Control Panel and click DNSSEC as above.

To modify, simply change the information you wish to update and click Save.

To delete, click the red - sign next to the record and click Save.

Modifying and Removing DNSSEC in the Resellers Control Panel

Adding DNSSEC in the MWI

To enable DNSSEC in the MWI, please request your DS record (a string of characters) from your DNS provider.

1. Log into the MWI with the domain for you would like to add DNSSEC.

2. Click Name Servers.

3. Click Configure DNSSEC.

Adding DNSSEC in the MWI

4. Enter the information supplied by your DNS provider:

  • Key Tag:An integer value that is used to identify the DNSSEC record.
  • Algorithm Type:From the drop-down list, choose the algorithm used to generate the signature.
  • Digest Type:From the drop-down list, choose the algorithm type that was used to construct the digest.
  • Digest:A string value generated by the algorithm.

 


5. Click Save DS Records.

Modifying and Removing DNSSEC in the MWI

To modify or delete the DNSSEC information for a domain, access the domain in the MWI and click Name Servers, then Configure DNSSEC, as above.

To modify, simply change the information you wish to update and click Save DS Records.

To delete, click Remove next to the record and click Save DS Records.

Transfers in

For domains being transferred in, DS records will be maintained and carried over to OpenSRS.

Supported TLDs

DNSSEC can be managed by resellers and registrants for a growing list of TLDs.  Please see the gTLD and ccTLD reference chart for specifics.

Was this article helpful? 0 out of 0 found this helpful
Have more questions? Submit a request