DNSSEC key [#69857] | Virtualmin

Submitted by bislinks on Wed, 09/09/2020 - 09:49 Pro Licensee

I wanted to add DNSSEC key to my server/VPS.

I went to Bind DNS Server -> DNS Keys and did add a key id -> biz and secret string -> 'biz.bislinks.com.`

Thereafter, DNS server did not restart.

I found the following in /etc/named.conf.

key biz {
    algorithm hmac-md5;
    secret "biz.bislinks.com";
    };

Server restarted after manually deleting the above key.

I understand this is not the right way to add DNSSEC key for zone/host.

Did not find anything named DNSSEC but there is a guide on Domain Keys on Virtualmin documentation.

I have enabled/activated domain keys identified mail.

Is there a guide on how to do it properly or Is enabling domain keys enough?

Status:

Fixed (pending)

Comments

Submitted by bislinks on Wed, 09/09/2020 - 09:51 Pro Licensee Comment #1

Watching: https://www.youtube.com/watch?v=1-JN9wHbDkY

Submitted by Ilia on Thu, 09/10/2020 - 05:47 Comment #2

Hi,

You can enable it on per domain basis on Server Configuration > DNS Options page using DNSSEC signature enabled option.

Note: There is a bug currently, which requires you to manually set DNSSEC algorithm in Server Templates > BIND DNS domain. I suggest choosing RSASHA256.

Submitted by Ilia on Thu, 09/10/2020 - 06:13 Comment #3

I added few patches to make sure that DNSSEC algorithm is always set.