Ehud
Basic Pleskian
- Server operating system version
- OS version: Ubuntu 22.04 x86_64
  apache2 -v: Server version: Apache/2.4.57 (Ubuntu), Server built: 2023-04-08T12:56:02
  nginx version: nginx/1.22.1
  named -v: BIND 9.18.12-0ubuntu0.22.04.1-Ubuntu (Extended Support Version) <id:>
- Plesk version and microupdate number
- Product version: Plesk Obsidian 18.0.52.3
  OS version: Ubuntu 22.04 x86_64
  Build date: 2023/05/16 12:00
  Revision: a3b74dbc9de2e47afd4e532d02fa7759b29d3fa5
Hi,
Plesk offers a feature of DNSSEC to sign the existing DNS records.
When activating it, one gets 4 DS records, and two public keys (DNSKEY).
There are NO instructions whatsoever on Plesk on what to do with those. And it's not as if the process is completed...
According to this website, a test can be done via CLI:
Code:
# whois example.com
DNSSEC: unsigned
It made sense to publish the 4 NS records; however, it was not clear what to do about the 2 public keys...
So we know that the Plesk process hasn't completed the task, and it's not clear what to do. The Plesk guide gives no guidance on this at all...
So, we can move on to Digital Ocean's guide.
Here one is taken through a real journey of configuring the server, including elements that Plesk hasn't configured and hasn't instructed Plesk admins to do, i.e.,
Code:
nano /etc/bind/named.conf.options
dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
However, once getting to the step below:
Code:
Sign the zone with the dnssec-signzone command.
dnssec-signzone -3 <salt> -A -N INCREMENT -o <zonename> -t <zonefilename>
dnssec-signzone -A -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N INCREMENT -o example.com -t example.com.zone
It's not clear what should be done, as this zone doesn't exist on Plesk, where different zones and a different system are in place in the relevant directory:
Code:
/etc/bind# ls -a
. .. bind.keys db.0 db.127 db.255 db.empty db.local db.root named.conf named.conf.default-zones named.conf.local named.conf.options rndc.conf rndc.key zones.rfc1918
This is the point I have reached. I'm asking for Plesk's help to complete the DNSSEC setting process.
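
An added example, not part of the original post and not Plesk's code: a DS record is a digest of a DNSKEY (RFC 4034), so a set of DS records can be cross-checked offline against the DNSKEYs they are supposed to cover. The function names and the sample keys below are constructed for illustration; real values would come from the panel or from `dig DNSKEY`.

```python
import base64, hashlib

DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}  # DS digest types

def name_to_wire(name):
    """Canonical (lower-case) wire format of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, key_b64):
    """DNSKEY RDATA: flags (2 bytes) | protocol | algorithm | public key."""
    return flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + base64.b64decode(key_b64)

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_digest(owner, rdata, digest_type):
    """DS digest = hash(owner name in wire format | DNSKEY RDATA), as upper-case hex."""
    return DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest().upper()

def match_ds(owner, dnskeys, ds_records):
    """Map each DS (tag, alg, digest_type) to the flags of the DNSKEY it covers, or None."""
    result = {}
    for tag, alg, dtype, digest in ds_records:
        result[(tag, alg, dtype)] = None
        for flags, proto, kalg, b64 in dnskeys:
            rdata = dnskey_rdata(flags, proto, kalg, b64)
            if (kalg == alg and key_tag(rdata) == tag and dtype in DIGESTS
                    and ds_digest(owner, rdata, dtype) == digest.replace(" ", "").upper()):
                result[(tag, alg, dtype)] = flags
    return result

# Constructed sample data: two algorithm-13 keys with placeholder key material.
ZONE = "example.com."
KSK = (257, 3, 13, base64.b64encode(bytes(range(64))).decode())
ZSK = (256, 3, 13, base64.b64encode(bytes(range(64, 128))).decode())
KSK_RDATA = dnskey_rdata(*KSK)
DS_SET = [
    (key_tag(KSK_RDATA), 13, 1, ds_digest(ZONE, KSK_RDATA, 1)),  # SHA-1 DS of the KSK
    (key_tag(KSK_RDATA), 13, 2, ds_digest(ZONE, KSK_RDATA, 2)),  # SHA-256 DS of the KSK
    (12345, 13, 2, "00" * 32),  # stale or mistyped DS: covers no key
]

if __name__ == "__main__":
    for ds, flags in match_ds(ZONE, [KSK, ZSK], DS_SET).items():
        print(ds, "-> DNSKEY flags", flags if flags else "NO MATCH")
```

A DS that maps to no DNSKEY is the case to catch before it reaches the parent zone, because validating resolvers would then treat the zone as bogus.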