I’ve used a few minutes this evening to research the status of DNSSEC DS records for .net with joker.com as the registrar. It turns out that for .org you need to send them an email (using their support system), which I’ve tried doing with my .net domain now. I’m still waiting for a reply from them, but according to what I’ve managed to find out, they should process the request within three working days. I’ll be sure to publish an update when I receive any sort of reply from them.
The format to use according to what I’ve been able to dig up is (use the reference below in the post for the values to extract from dnssec-dsfromkey):
ds-1-alg:T ds-1-digest:CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC ds-1-digest_type:O ds-1-keytag:YYYYY ds-2-alg:Q ds-2-digest:BXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX ds-2-digest_type:Z ds-2-keytag:YYYYY
In the meantime, I’ve decided to swap out my perlpimp.dk for perlpimp.net, which I got from Go Daddy for practically a steal! The reason being that I’ve wanted to for a while, and they have excellent support for most of the domains one’d want to use with DNSSEC, except for most of the ccTLD ones. They’ve even published a nice guide for setting it up – and it genuinely just works!
In the spirit of my previous guide – I’ll quickly recap, using the previous example, what one has to put in which fields in their interface.
[root@termite masters]# dnssec-dsfromkey Kperlpimp.dk.+008+10924.key
perlpimp.dk. IN DS YYYYY T O CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC
perlpimp.dk. IN DS YYYYY Q Z XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX XXXXXXX
In the Go Daddy interface, fill in the fields using the values from the example dnssec-dsfromkey output above:
Key Tag: YYYYY
Digest Type: Z
Digest: All the X’es concatenated
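To avoid pasting a digest that was cut off at the space, the mapping above can be scripted. This is an added example, not part of the original post or any registrar's tooling: the function name `ds_convert`, its two modes and the sample records are made up for illustration, and the `joker` mode simply reproduces the ds-N-... layout quoted earlier in the post.

```shell
#!/bin/sh
# Added example, not from the original post.
# ds_convert MODE: read dnssec-dsfromkey output on stdin.
#   MODE=fields  one labelled block per DS record (for a web form)
#   MODE=joker   the single-line ds-N-... layout quoted in the post
ds_convert() {
    awk -v mode="${1:-fields}" '
    {
        # Find the DS token; the TTL and class before it are optional.
        ds = 0
        for (i = 1; i <= NF; i++) if ($i == "DS") { ds = i; break }
        if (!ds || NF < ds + 4) next
        tag = $(ds + 1); alg = $(ds + 2); type = $(ds + 3) + 0
        # Re-join the digest: long digests are printed with a space in them.
        digest = ""
        for (i = ds + 4; i <= NF; i++) digest = digest $i
        digest = toupper(digest)
        # Expected hex length: SHA-1 = 40, SHA-256 = 64, SHA-384 = 96.
        want = 0
        if (type == 1) want = 40
        else if (type == 2) want = 64
        else if (type == 4) want = 96
        if (digest !~ /^[0-9A-F]+$/ || (want && length(digest) != want)) {
            printf "key tag %s: digest type %d wants %d hex chars, got %d\n", tag, type, want, length(digest) > "/dev/stderr"
            bad = 1
            next
        }
        n++
        if (mode == "joker")
            out = out (n > 1 ? " " : "") sprintf("ds-%d-alg:%s ds-%d-digest:%s ds-%d-digest_type:%d ds-%d-keytag:%s", n, alg, n, digest, n, type, n, tag)
        else
            # Algorithm is the DS record field between key tag and digest type.
            printf "Key Tag: %s\nAlgorithm: %s\nDigest Type: %d\nDigest: %s\n\n", tag, alg, type, digest
    }
    END { if (out != "") print out; exit bad + 0 }'
}

# Constructed sample in dnssec-dsfromkey output layout (not real key material).
SAMPLE='example.net. IN DS 12345 8 1 0123456789ABCDEF0123456789ABCDEF01234567
example.net. IN DS 12345 8 2 0123456789ABCDEF0123456789ABCDEF0123456789ABCDEF01234567 89ABCDEF'

printf '%s\n' "$SAMPLE" | ds_convert fields
printf '%s\n' "$SAMPLE" | ds_convert joker
```

With a real key it would be fed as `dnssec-dsfromkey Kexample.net.+008+12345.key | ds_convert fields`; a non-zero exit status means at least one digest had the wrong length for its digest type.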