New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
HE DNS dnssec
How do you enable dnssec on HE free dns I know you can do it i found a domain that got it on.
:~$ dig ns **** @1.1.1.1
; <<>> DiG 9.11.5-P4-5.1+deb10u6-Debian <<>> ns **** @1.1.1.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: ****
; flags: qr rd ra ad; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
****. 3600 IN NS ns1.he.net.
****. 3600 IN NS ns2.he.net.
****. 3600 IN NS ns3.he.net.
****. 3600 IN NS ns4.he.net.
****. 3600 IN NS ns5.he.net.
;; Query time: 546 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Wed Dec 01 21:05:38 GMT 2021
;; MSG SIZE rcvd: 140
you can see the AD flag so dnssec is working.
Comments
The domain is probably been added as an slave zone on HE and signed before pushing the zone to HE, that's the only way I know you can add dnssec on HE.
This is how I'd do it - presigining it also avoids the need for the secondary provider to have your private key. I use PowerDNS for the primary server, which can automatically sign the zone before AXFRing it, but others should be able to do presigining too.
right said. I did the same thing.