ISPConfig3 DNSSEC DS keys for registrar

Discussion in 'General' started by Lionheart82, Dec 28, 2020.

  1. Lionheart82

    Lionheart82 Member

    Hello all, I wish you happy holidays :)

    I am trying to verify DNSSEC for a new server by using this tool (first used this one https://internet.nl/)
    https://dnssec-analyzer.verisignlabs.com/webpoint.gr
    The only issue I find in the scan is:
    No DS records found for webpoint.gr in the gr zone

    So what I need is to find the following:
    key tag
    key algorithm
    digest type
    digest
    Now from this topic I have understood what is going on, but we are getting errors inserting key algorithm and digest type into the ISP fields, as the input is 3 digit format. What we tried is 257 as key algorithm and 256 for digest type.
    https://www.howtoforge.com/community/threads/solved-dnssec-key-for-registrar.78635/

    According to this: https://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml
    Is it possible that for SHA-256 we need to place value 2 (not tested)? But for key algorithm I am not sure what should be the case.


    relative fields:
    https://www.internetsociety.org/res...-link-a-registar-to-a-dns-hosting-provider-4/

    * nice tool also: https://dnsviz.net/

    Thank you for your time.
     
  2. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    You have to add the KSK (257) at your domain registrar.
     
  3. Lionheart82

    Lionheart82 Member

    Hello, thank you for your reply. My registrar informs me that with the following inputs:
    key tag 8068
    key algorithm 257
    digest type 2
    digest (big tag 0 this is ok)
    his system throws an error that digest type and key algo don't match with 8068.
    Attached are the options I have for the DNSSEC... I would not give this full info public ;)

    Any thoughts?
     


  4. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    The algorithm is not 257; 257 means it's the key signing key (KSK). The algorithm is 13.
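
How the four registrar fields follow from the KSK's DNSKEY line, as an added example that is not part of the original posts or of ISPConfig: it computes the key tag (RFC 4034, Appendix B) and the DS digest, and checks a set of submitted form values against them. The `example.test` key line is constructed and the function names are illustrative.

```python
import base64
import hashlib
import struct

# Digest type numbers from the IANA DS registry linked in the thread.
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}

# Constructed sample: the 64 key bytes are a counting pattern, not a real key.
SAMPLE = "Example.TEST. 3600 IN DNSKEY 257 3 13 " + base64.b64encode(bytes(range(64))).decode()

def parse_dnskey(line):
    """Split a zone-file DNSKEY line into owner, flags, protocol, algorithm, key."""
    tok = line.split()
    i = tok.index("DNSKEY")
    flags, protocol, algorithm = (int(t) for t in tok[i + 1:i + 4])
    return tok[0], flags, protocol, algorithm, base64.b64decode("".join(tok[i + 4:]))

def key_tag(rdata):
    """Key tag checksum as defined in RFC 4034, Appendix B."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + (acc >> 16)) & 0xFFFF

def make_ds(line, digest_type=2):
    """Return (key tag, key algorithm, digest type, digest) for a KSK line."""
    owner, flags, protocol, algorithm, pubkey = parse_dnskey(line)
    if not flags & 1:
        raise ValueError(f"flags {flags}: SEP bit not set, this is not the KSK")
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + pubkey
    # Owner name in canonical wire form: lowercase, length-prefixed labels.
    labels = owner.lower().rstrip(".").split(".")
    wire = b"".join(bytes([len(lab)]) + lab.encode() for lab in labels) + b"\x00"
    digest = DIGESTS[digest_type](wire + rdata).hexdigest().upper()
    return key_tag(rdata), algorithm, digest_type, digest

def check_form(line, tag, algorithm, digest_type, digest):
    """Name the registrar form fields that disagree with the DNSKEY line."""
    if digest_type not in DIGESTS:
        return [f"digest type {digest_type} is not handled here (1, 2 or 4)"]
    want = make_ds(line, digest_type)
    got = (tag, algorithm, digest_type, digest.upper())
    names = ("key tag", "key algorithm", "digest type", "digest")
    bad = [f"{n}: got {g}, expected {w}" for n, g, w in zip(names, got, want) if g != w]
    if algorithm == parse_dnskey(line)[1]:
        bad.append(f"{algorithm} is the DNSKEY flags field, not the algorithm")
    return bad

if __name__ == "__main__":
    print(make_ds(SAMPLE))
```

The DNSKEY line to feed in is the one with flags 257 in the signed zone; the digest covers the owner name, so the line must carry the fully qualified zone name.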
     
  5. Lionheart82

    Lionheart82 Member

    Thank you.
    We tried again with:
    key tag 8068 -> ok
    key algorithm 13 -> ok
    digest type 2 -> not ok, error that it does not comply with the key tag / algo, not sure. Also tried 0-4 values, not accepting them :S

    Bump
     
  6. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Check with your domain provider what the accepted values are for the fields and if you can, share the form with us (through a screenshot).
     
  7. Lionheart82

    Lionheart82 Member

    Hello, attached is the platform.
    There is no FAQ for it, as I am informed.
    What we know is that:
    Digest Type: can take a value from 1 up to 4.
    Key Algorithm: up to 3 digit number.

    Br,
    Alexandros
     
