This is how DNSSEC is described in the manual. But I haven't got these fields running the latest ispconfig 3.1.13p1 on ubuntu 18.04. Sign zone (DNSSEC): Enable this checkbox to enable DNS zone signing with DNSSEC. DNSSEC DS-Data for registry: This field will show the DS-Data of the signed zone. It might
Following the multiserver tutorial it suggests mirroring the nameservers. Would it be wise to keep it as such or change the nameservers and use dnssec?
If you need DNSSEC, then the only way to use it at the moment is to keep the dns servers not mirrored and create a dns slave record on ns2 in ispconfig for the zone(s) instead.
So as I have my setup now (following the multiserver tutorial) i should untick the "is mirror" in the server services config and recreate all zones in secondary DNS and add a slave record for ns2 on the primare dns correct?
Is this close to be re-implemented or it's going to take a while? Also does DNSSEC require new SSL certs from websites and email? or same old are used?
If I remember correctly, it ahs been reimplemented for 3.2 in master branch already, but haven't tested it yet. SSL certs from websites are separate from DNSSEC.