Help with DNSSEC

Discussion in 'General' started by Ignacio Garcia, Sep 24, 2021.

Tags:
  1. Ignacio Garcia

    Ignacio Garcia Member

    Hi you all!!

    I'm trying to figure out how to provide with DNSSEC data to my registrar. The domain I'm trying is registered with cdmon.com, an Spanish leading registrar. The data I've got from ispconfig (slightly modified) is:

    DS-Records:
    mydomain.net. IN DS 53839 13 2 9F52949DCC7383516FD92B29427FEB9E975196269B3563CBF21247FC BF2B0101
    ------------------------------------
    DNSKEY-Records:
    ; This is a zone-signing key, keyid 5665, for mydomain.net.
    ; Created: 20201226092501 (Sat Dec 26 09:25:01 2020)
    ; Publish: 20201226092501 (Sat Dec 26 09:25:01 2020)
    ; Activate: 20201226092501 (Sat Dec 26 09:25:01 2020)
    mydomain.net. IN DNSKEY 256 3 13 gTpgqtj+MIH9bsT0wyBKdFgkgUpkXcOi65nGD675rJS25sDpH41GAwt5 zoXJm9NepFlK6c276QGoqFlMeinVkQ==
    ; This is a key-signing key, keyid 53839, for mydomain.net.
    ; Created: 20201226092501 (Sat Dec 26 09:25:01 2020)
    ; Publish: 20201226092501 (Sat Dec 26 09:25:01 2020)
    ; Activate: 20201226092501 (Sat Dec 26 09:25:01 2020)
    mydomain.net. IN DNSKEY 257 3 13 7QnJdkyibHO9ZTdfJfnuQ2OdIKMiAAU+tAKuH43uS5MEKBfDpY2HiRle aVr+GWjvaYU7DuaI5LrGV6sqO+bGwA==

    cdmon.com asks me to input keytag, algorythm, digest type and dygest, and this is what I input:

    keytag: 53839
    algorythm: 13
    digest type: sha-256 (2)
    digest: 7QnJdkyibHO9ZTdfJfnuQ2OdIKMiAAU+tAKuH43uS5MEKBfDpY2HiRle aVr+GWjvaYU7DuaI5LrGV6sqO+bGwA==

    when inputing that data it showed an undefined error so I contacted support and they tell me they want me to input in the digest field an hexbinary value, so I try 9F52949DCC7383516FD92B29427FEB9E975196269B3563CBF21247FC BF2B0101 which is the only data I have from ispconfig that look hexadecimal to me. Now they're telling me: Digest for type SHA-256 should have length 64

    Now I'm lost.

    Any help or guidance?

    Thanks so much in advance for your help

    Ignacio
     
    Ignacio Garcia, Sep 24, 2021
    #1
  2. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    Your digest does have 64 bytes:
    Code:
    $ echo 7QnJdkyibHO9ZTdfJfnuQ2OdIKMiAAU+tAKuH43uS5MEKBfDpY2HiRleaVr+GWjvaYU7DuaI5LrGV6sqO+bGwA== | base64 -d | wc -c
64
    You just need to convert it from base64 to hexbinary, try:
    Code:
    $ echo 7QnJdkyibHO9ZTdfJfnuQ2OdIKMiAAU+tAKuH43uS5MEKBfDpY2HiRleaVr+GWjvaYU7DuaI5LrGV6sqO+bGwA== | base64 -d | xxd -c 64 -g 0 -u -ps
ED09C9764CA26C73BD65375F25F9EE43639D20A32200053EB402AE1F8DEE4B93042817C3A58D8789195E695AFE1968EF69853B0EE688E4BAC657AB2A3BE6C6C0
     
    Jesse Norell, Sep 24, 2021
    #2
    ahrasis and Ignacio Garcia like this.
  3. Ignacio Garcia

    Ignacio Garcia Member

    Thanks Jesse.

    Well, it seems the people at my registrar (cdmon.com) wouldn't know what to do with the data I sent them. Out of frustration I repeated all the combinations I already entered and it looks like they just need:

    mydomain.net. IN DS 53839 13 2 9F52949DCC7383516FD92B29427FEB9E975196269B3563CBF21247FC BF2B0101

    (without the space) for the digest

    Thanks so much

    Ignacio
     
    Ignacio Garcia, Sep 27, 2021
    #3
    ahrasis likes this.

Share This Page