I wanted to add a DNSSEC key to my server/VPS.

I went to BIND DNS Server -> DNS Keys and added a key: key ID -> biz and secret string -> 'biz.bislinks.com'.

Thereafter, the DNS server did not restart.

I found the following in /etc/named.conf.

key biz {
    algorithm hmac-md5;
    secret "biz.bislinks.com";
    };

The server restarted after I manually deleted the above key.

I understand this is not the right way to add a DNSSEC key for a zone/host.

I did not find anything named DNSSEC, but there is a guide on Domain Keys in the Virtualmin documentation.

I have enabled/activated DomainKeys Identified Mail.

Is there a guide on how to do it properly, or is enabling domain keys enough?

Status: Fixed (pending)

Comments

Submitted by Ilia on Thu, 09/10/2020 - 05:47

Hi,

You can enable it on a per-domain basis on the Server Configuration > DNS Options page using the "DNSSEC signature enabled" option.

Note: There is currently a bug which requires you to manually set the DNSSEC algorithm in Server Templates > BIND DNS domain. I suggest choosing RSASHA256.

Submitted by Ilia on Thu, 09/10/2020 - 06:13

I added a few patches to make sure that the DNSSEC algorithm is always set.
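
Added example (not part of the original thread and not Virtualmin code): a `key` statement in named.conf defines a TSIG shared secret rather than a DNSSEC key, and BIND requires its `secret` to be base64. This sketch lints key statements for that before a restart; the function name `check_keys`, the sample text and the second key are constructed for illustration.

```python
import base64
import binascii
import re

# Constructed sample: the key statement from the post, plus a well-formed
# one whose secret is a constructed base64 string (not a real key).
SAMPLE_CONF = '''
key biz {
    algorithm hmac-md5;
    secret "biz.bislinks.com";
    };
key transfer {
    algorithm hmac-sha256;
    secret "ZXhhbXBsZS10c2lnLXNlY3JldC0wMDAx";
};
'''

KEY_RE = re.compile(r'\bkey\s+"?([\w.-]+)"?\s*\{(.*?)\}\s*;', re.S)
ALGO_RE = re.compile(r'algorithm\s+"?([\w.-]+)"?\s*;')
SECRET_RE = re.compile(r'secret\s+"([^"]*)"\s*;')


def check_keys(conf):
    """Return {key name: [problems]} for every key statement in conf."""
    findings = {}
    for name, body in KEY_RE.findall(conf):
        problems = []
        algo = ALGO_RE.search(body)
        secret = SECRET_RE.search(body)
        if algo is None:
            problems.append("missing algorithm")
        elif algo.group(1).lower().startswith("hmac-md5"):
            problems.append("hmac-md5 is discouraged; prefer hmac-sha256")
        if secret is None:
            problems.append("missing secret")
        else:
            try:
                # validate=True rejects characters outside the base64 alphabet
                base64.b64decode(secret.group(1), validate=True)
            except (binascii.Error, ValueError):
                problems.append("secret is not valid base64")
        findings[name] = problems
    return findings


if __name__ == "__main__":
    for key_name, issues in check_keys(SAMPLE_CONF).items():
        print(key_name, "->", issues or "ok")
```

BIND's own `named-checkconf` remains the authoritative syntax check to run against /etc/named.conf before restarting the server.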