1

I have a .leg.br domain It's a government dns domain, in this domain it is mandatory to use dnssec, but they told me I need to configure dnssec in my server to the domain works, main question is: How to enable dnssec on a vps hosting or via cpanel? How do I get DS.NAMESERVER.COM insted of NS.NAMESERVER.COM ?

Due to internal bureaucracy they did't accepted the cloudeflare DNSSEC option because it need to be pointed without dnssec first to next enable dnssec The domain it's already with dnssec enable but they don't give me ownership of the domain they don't even allow me to edit nameservers and things like that, what they told me is that I need to configure DNSSEC in my server and send them the Authoritative records. so this way they will put records in the domain that's the question , How can I enable DNSSEC in my vps. or create a DNSSEC server in my vps?

4

2 回答 2

2

如果您必须支持 DNSSEC,最好的办法是使用支持托管 DNSSEC 的 DNS 托管服务。我希望您的 VPS 托管服务不会是其中之一,并且 cpanel 也不支持它。

您现在(2017 年 3 月)的选择基本上是CloudFlare(如果它必须是免费的,并且如果 leg.br 注册表支持 ECDSA DNSSEC 密钥),或者对 DNSSEC 的 Google Cloud DNS alpha 支持。我相信 Verisign 也提供托管 DNSSEC,但也许只有当他们是您的注册商时,如果是这样,我怀疑他们是否能够支持 .leg.br 域。

于 2017-03-21T21:27:27.847 回答
1

cPanel/WHM 现在通过一个名为 PowerDNS 的新模块从 60 版开始支持 DNSSEC。

注意:此功能目前不适用于 DNS 集群。

为服务器启用 DNSSEC

要在 WHM 中启用 PowerDNS,您可以在https://documentation.cpanel.net/display/CKB/How+to+Use+cPanel%27s+PowerDNS的文档中找到此信息

为域创建 DNSSEC 记录

从64版开始?您可以通过 cPanel(不是 WHM)为域设置 DNSSEC。您可以在此处找到文档https://documentation.cpanel.net/display/ALD/Zone+Editor#ZoneEditor-DNSSEC

您必须使用 cPanel 为您提供的信息来设置域注册商的 DS 记录。它不能在 cPanel/WHM 服务器上设置。

我使用 NetEarthOne 帐户在自己的域上对此进行了测试,结果非常简单(谢天谢地)

于 2017-11-30T16:55:45.477 回答