How to add DNSSEC to a domain name?
- Home
- Knowledge Base
- FAQ
- How to add DNSSEC to a domain name?
Knowledge Base
Identity Digital Registry supports Algorithm ranges including the 6-14 range. Our SRS allows all algorithms defined at the IANA website: http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xml.
DNSSEC can be added via EPP or via the web portal
EPP Domain Create with DNSSEC
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
<command>
<create>
<domain:create xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
<domain:name>domain_name</domain:name>
<domain:period unit="y">2</domain:period>
<domain:registrant>registrant_contact</domain:registrant>
<domain:contact type="admin">admin_contact</domain:contact>
<domain:contact type="tech">tech_contact</domain:contact>
<domain:authInfo>
<domain:pw>Password_1</domain:pw>
</domain:authInfo>
</domain:create>
</create>
<extension>
<secDNS:create xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
<secDNS:dsData>
<secDNS:keyTag>12345</secDNS:keyTag>
<secDNS:alg>1</secDNS:alg>
<secDNS:digestType>1</secDNS:digestType>
<secDNS:digest>2BB183AF5F22588179A53B0A98631FAD1A292118</secDNS:digest>
<secDNS:keyData>
<secDNS:flags>257</secDNS:flags>
<secDNS:protocol>3</secDNS:protocol>
<secDNS:alg>1</secDNS:alg>
<secDNS:pubKey>AQPJ////4Q==</secDNS:pubKey>
</secDNS:keyData>
</secDNS:dsData>
</secDNS:create>
</extension>
<clTRID>Test</clTRID>
</command>
</epp>EPP Domain DNSSEC Update
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<command>
<update>
<domain:update
xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
<domain:name>classen.testone</domain:name>
</domain:update>
</update>
<extension>
<secDNS:update
xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
<secDNS:rem>
<secDNS:dsData>
<secDNS:keyTag>257</secDNS:keyTag>
<secDNS:alg>8</secDNS:alg>
<secDNS:digestType>2</secDNS:digestType>
<secDNS:digest>d4d8be8becb97c4b32b8660720f9e05561a9b80db8949e393ddc78df1137c4f9</secDNS:digest>
<secDNS:keyData>
<secDNS:flags>257</secDNS:flags>
<secDNS:protocol>3</secDNS:protocol>
<secDNS:alg>8</secDNS:alg>
<secDNS:pubKey>AwEAAbSUJwKgTiw4/fAdKdeinHB5FiiUAJw2UwiFY0HF8ZunQ4ZuTR+5d3YGKP0pVFq/vE9LvPyn7wANRJOJVKr8NgmadQ/tx3dpEOQ8RyE1LzLogPXYbQHk6Qdv8fCD2erp9KS7R26ZwR/fJNikrbp184LYGLdHKEUdA/oXWnqNMFXFkVC0RWDgBjyOAYK1x7kph+YJstjbJae3F8VbViTP1vjFqgNLfmb2v0jRBGam96XEha4==</secDNS:pubKey>
</secDNS:keyData>
</secDNS:dsData>
</secDNS:rem>
<secDNS:add>
<secDNS:dsData>
<secDNS:keyTag>58789</secDNS:keyTag>
<secDNS:alg>8</secDNS:alg>
<secDNS:digestType>2</secDNS:digestType>
<secDNS:digest>d4d8be8becbd8660720f9e05561a9b80db8949e393ddc78df1137c4f9</secDNS:digest>
<secDNS:keyData>
<secDNS:flags>58689</secDNS:flags>
<secDNS:protocol>3</secDNS:protocol>
<secDNS:alg>8</secDNS:alg>
<secDNS:pubKey>AwEAAbSUJwKgTiw4/fAdKdeinHB5FqUAJw2UwiFY0HF8ZunQ4ZuTR+5d3YGKP0pVFq/vE9LvPyn7wANRJOJVKr8NgmadQ/tx3dpEOQ8RyE1LzLogPXYbQHk6Qdv8fCD2erp9KS7R26ZwR/fJNikrbp184LYGLdHKEUdA/oXWnqNMFXFkVC0RWDgBjyOAYK1x7kph+YJstjbJaAbOHye9oLQZue3F8VbViTP1vjFqgNLfmb2v0jRBGam96XEha4==</secDNS:pubKey>
</secDNS:keyData>
</secDNS:dsData>
</secDNS:add>
</secDNS:update>
</extension>
<clTRID>ABC-12345</clTRID>
</command>
</epp>Web portal create/update
- Fill in the domain create or update information
- Fill in the DNSSEC information as shown below
- Click add
- Click register/update
Note that duplicated DNSSEC records are not allowed by the system if you try to add duplicated values via the web portal you will see the following error.
