Hello, I tried to use this tutorial Configuring DNSSEC On BIND9 (9.7.3) On Debian Squeeze/Ubuntu 11.10 - Page 4 This command Code: rollinit -zonefile /etc/bind/pri.example.org.signed -keyrec /etc/bind/example.org.krf -admin [email protected] example.org >> all.rollrec it return Code: -bash: rollinit: command not found Maybe because I'm using Debian Buster and not Squeeze ?
This tutorial is not compatible with an ISPConfig server and it is for a completely different operating system version, using it will break your system. ISPConfig comes with DNSSEC support out of the box, just install ISPConfig as described in the perfect server tutorials and you can activate DNSSEC in the zones in ISPConfig directly. Most likely your system is not working properly anymore after you followed this wrong guide and DNS functions from ISPConfig will start to fail, you have to undo each step and undo each change you made from that guide or reinstall the system from scratch.
Fortunately I failed with this tuto first at the first lignes The is no DNSSEC (DS) zone added in my DNS zone, that's why I tried this tuto. Is it normal to do not have DNSSEC (DS) zone added in my DNS zone ?
Enable the checkbox "Sign zone (DNSSEC)" in the DNS zone in ISPConfig and press save. the zone is then signed after about 1 minute. Details for DS Records for your registry are shown in the zone below the checkbox then.
It was done, but I do not see any DS field in IspConfig -> Dns -> domaine-name.com -> Records But If you say that's fine like that, so that's fine for me as well. Thanks
I sorry to be back on this topic, but I don't know what I have to do to setup DNSSEC IspConfig I have : With my registrar (Ovh) I have : What is the right answer for : A = ??? B = ??? C = ??? D = ???
Seems as if ovh uses a bit different format (DNS key format and no DS records). Send the OVH support your DS records and ask them what to put into the fields of there UI. Or try it out, D should be clear, its the key (the long number/char part without whitespace inside). C is 7. Key tag is probably 0 for the first one and 1 for the second one. So you have to try out B.
You can also find more details here: https://downloads.isc.org/isc/dnssec-guide/html/dnssec-guide.html#working-with-parent-zone
It's done, after I will be back with the answer, it can help the other users of Ispconfig Done as well, now I need to wait 24h. Thanks for all your answers.