Cross Reference Data Required Please

Submitted by andrew.harrison on Sat, 10/03/2015 - 15:32

I have installed dnssec and am attempting to configure Godaddy. Does anyone have a cross reference for the following: If applicable, enter or select the following, and then click Next:

Key Tag — An integer value less than 65536 that identifies the DNSSEC record for this domain name.
Algorithm — The cryptographic algorithm that generates the signature.
Digest Type — The algorithm type that constructs the digest.
Max Signature Life (in seconds) — The length of time that the key is valid for.
Flags — This identifies the key type: a Zone-Signing Key or a Key-Signing Key.
Protocol — This value identifies the protocol the electronic key match up uses.
Digest — The digest is an alpha-numeric value.
Public Key — Registries use this value to encrypt DS records. Decryption requires a matching private key.

Where do I locate the info from Webmin? I see the sign dnnsec page for each domain, I simply have no idea what to enter into Godaddy, or where to find this info in Webmin.

Thanks for your time. Andrew

Example: I use RSASH1 for encryption.

Status: 
Closed (fixed)

Comments

Submitted by andrew.harrison on Sat, 10/03/2015 - 18:00

I almost have it figured out:

1. in /etc/named you look for a file that says: dsset-domainname.com. (where domainname is your unique domain. 2. nano dsset-dommainname.com. 3. Inside of the file you will see:

foodcoststudio.net. IN DS ##### 5 1 Hash string. It will look like garble.

foodcoststudio.net. IN DS ##### 5 2 DSHWHD83383E938E93DJ3DJ39D H42E203E320 <--Example. NOT real.

I went to Godaddy and entered the info into the fields:

keytag := ##### Algorithm :=5 Digest type follows the number five. For record #1 it will be 1. I then pasted the hash string into digest.

This worked well for the first record.

The second record does not seem to work with the hash string, Godaddy says it is invalid. I have tried pasting the entire string in and just the first part. To no avail.

Does anyone have any ideas?

Thanks Andrew

Submitted by andrew.harrison on Sat, 10/03/2015 - 18:24

Update. Simply delete the space in the hash digest. Godaddy then accepts the string with no further errors. Andrew.