This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
internet:hosting:virtualmin_dns [2019/04/04 10:01] gcooper |
internet:hosting:virtualmin_dns [2019/04/04 11:06] (current) gcooper |
||
---|---|---|---|
Line 144: | Line 144: | ||
* **DNSSEC enabled?** Yes | * **DNSSEC enabled?** Yes | ||
* **DNSSEC response validation enabled?** Yes (automatic mode) | * **DNSSEC response validation enabled?** Yes (automatic mode) | ||
+ | |||
+ | **Webmin -> Servers -> BIND DNS Server -> DNSSEC Key Re-Signing ->** | ||
+ | |||
+ | * **Automatic key re-signing enabled?** Yes | ||
+ | * **Period between re-signs?** 21 days | ||
==== For Newly Created Domains ==== | ==== For Newly Created Domains ==== | ||
Line 149: | Line 154: | ||
:!: Virtualmin will add DNSSEC records automatically to new domains as they are created. | :!: Virtualmin will add DNSSEC records automatically to new domains as they are created. | ||
- | :!: You may need to enable DNSSEC in Webmin for this to work as advertised (see below). | + | **Virtualmin -> System Settings -> Server Tempates -> Default Settings -> BIND DNS domain ->** |
- | **Virtualmin -> System Settings -> Server Tempates -> Default Settings -> BIND DNS domain** | + | |
- | + | * **DNSSEC cryptographic algorithm** RSASHA1 | |
- | | + | * **Number of DNSSEC keys** Zone key and key-signing key |
- | * Yes | + | |
==== For Existing Domains ==== | ==== For Existing Domains ==== | ||
- | **Webmin -> Servers -> BIND DNS Server** | + | **Webmin -> Servers -> BIND DNS Server |
- | * **DNSSEC Verification** | + | * **Key algorithm** RSASHA1 |
- | * **Enable DNSSEC Verification** | + | * **Key size** Average size |
+ | * **Number of keys to create** Zone key and key-signing key | ||
+ | * **Create and Add Key** | ||
+ | * **Apply Zone** | ||
- | {{ :internet:hosting: | + | :!: You can also remove, then recreate the key. |
- | * **DNSSEC | + | ==== Examine |
- | * Enable | + | |
- | {{ : | + | **Virtualmin |
- | **Webmin -> Servers -> BIND DNS Server | + | * **DNS Options** |
+ | * You can see **DNSSEC zone keys** and registrar **DS records** here | ||
+ | * **DNS Records | ||
+ | | ||
- | | + | **Force Virtualmin to regenerate all records**, if necessary: |
- | * Create and Add Key | + | |
- | * You can also remove, then recreate the key | + | |
- | * **Apply Zone** | + | |
- | **Virtualmin -> < | + | **Virtualmin -> <Domain/Zone> -> Server Configuration |
- | + | ||
- | * **DNS Options** | + | |
- | * You can see DNSSEC zone keys here | + | |
- | * **DNS Records** | + | |
- | * You can see DNSSEC records here | + | |
==== Testing DNSSEC ==== | ==== Testing DNSSEC ==== | ||
Line 198: | Line 199: | ||
http:// | http:// | ||
- | Get the information you need at one of these locations: | + | === More DS Record Info === |
+ | |||
+ | You can also get the information you need at one of these locations: | ||
< | < |