Resolved Cannot add DS records on domain DNS

[Stordia]

Server operating system version

Ubuntu 22.04.4 LTS

Plesk version and microupdate number

18.0.63 Update #1

I am trying to enable DNSSEC for some of my domains, after I try to add the DS records in DNS but with no luck.

Steps to reproduce:

Go to Websites & Domains -> example.com -> DNS Settings and [+ Add record].

Record type : DS

Domain name* [ ].example.com >>>
cannot be empty: This required field is empty. You need to specify a value.

You cannot add a DS record for that domain!

Or I am doing something false?

 

[Stordia]

Continues...

After enabling DNSSEC, I have added the DS records manual from the CLI with the below command:

plesk bin dns --add example.com -ds "17177 13 1 86EF16342E82A5E46570856F285A7F088F964F27"
plesk bin dns --add example.com -ds "17177 13 2 84F0C5B1ACD26A55958D0F2015FC45F7BB038401F38CFBDFCBCA6D7772DB8843"
plesk bin dns --add example.com -ds "31762 13 1 CDBBF93E199EE4A6CAA0EB32B9AA6416B8202DDC"
plesk bin dns --add example.com -ds "31762 13 2 B0D3227EADB41A3B480675D1520E30AE686DEC2312CCBC0B9DD481227A0CE5E3"

Now and on every change I wish to made on the domain DNS I get this error:
Internal errorSyntaxError: Unexpected non-whitespace character after JSON at position 105 (line 1 column 106)

...and the strange thing is that the registration is done normally and the above error appears!

 

[AYamshanov]

Hi! If you use a 2nd-level domain like "example.com", DS records should be added on the Registrar side, in an entity where you have registered the domain.

• Updating the DS Records in the Parent Zone

Adding DS records in Plesk is for scenarios with a 3rd-level domain when the parent zone (a 2nd-level domain) is hosted on Plesk. Seems the warning is GUI is correct because one of the required fields is empty (and CLI does not have one of the pre-validation steps that GUI has).

 

[Stordia]

Thank you @AYamshanov!
Case Resolved.

 

[Johndenkis]

Hi! If you use a 2nd-level domain like "example.com", DS records should be added on the Registrar side, in an entity where you have registered the domain.

• Updating the DS Records in the Parent Zone

Adding DS records in Plesk is for scenarios with a 3rd-level domain when the parent zone (a 2nd-level domain) is hosted on Plesk. Seems the warning is GUI is correct because one of the required fields is empty (and CLI does not have one of the pre-validation steps that GUI has).

This actually didn't solve our case. Since one of the last updates, this field became required. This domain field was never required before, and we use Plesk on our primairy DNS sets. Even in a working subscription in which we had enabled DNSSEC before, we can't update the existing DS-records because they don't have a domain name (to be) filled in. This GUI update means we can never add DNSSEC to a domain again via Plesk. We need an alternative or solution. DS-records should be able to add with the domain field being empty.

 

[AYamshanov]

DS (delegation signer)
Holds the name of a delegated zone. References a DNSKEY record in the sub-delegated zone. The DS record is placed in the parent zone along with the delegating NS records. (c) Domain Name System Security Extensions - Wikipedia

The record should contain the name of the subdomain. If you want to enable DNSSEC for a domain, then the DS record should be placed inside the parent zone (e.g. on the Registrar side), and point to the (sub-)domain from the parent's point of view (and a DS record should not point to itself).

@Johndenkis If I wrongly understand your case, could you please provide a little bit more details to help understand the scenario of why you need to have a DS record in the domain that points to the same domain? As I understand, when a DS record points to its domain, it can't help to establish a chain of trust from a parent zone and domain.

Let's continue the discussion in the Issue - Can not add DS-records, domain is required field since update thread.