• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Question Email: DNSSEC KSK rollover occurred in the DNS zone <domain>

M

MHC_1

Basic Pleskian
Server operating system version
Alma Linux
Plesk version and microupdate number
18
So we are getting emails from some imported domains stating:

Please copy these new DS resource records and add them to the parent zone:

<domain>. IN DS 52400 8 1 BAAE.......767FA3A28
<domain>. IN DS 52400 8 2 2E5C...........F044812E..............46E70973F9A0F035..........3C90B24F59
<domain>. IN DS 9170 8 1 E87...........B8F38BA3A81EB...........4106F6B3F
<domain>. IN DS 9170 8 2 16C401............2DD0D4E3A...............4158B93FB741284B8..........4EC38D8276E
Click to expand...

I assume the "parent" zone is the Server domain because the DNS is handled on the server for multiple client domains.

The admin of the previous server these came from said they had similar notices but just ignored them, and DNS seemed to retain / remain ok.

- What on a practical level do we need to do with the above notification?
- Is it handled automatically?
- If so/ if not can we turn off the notification if action is unneeded.
 
It is not handled automatically. The keys must be manually updated in the parent zone. If you are unsure where the parent zone is, you can use a tool like DNSViz. If the records are not updated you can experience DNS issues, so I wouldn't recommend ignoring the notification. The full doc:
 
Sebahat.hadzhi said:
It is not handled automatically. The keys must be manually updated in the parent zone. If you are unsure where the parent zone is, you can use a tool like DNSViz. If the records are not updated you can experience DNS issues, so I wouldn't recommend ignoring the notification. The full doc:
Click to expand...
Hello

If the DNS parent is on the same server , where/how would that parent domain be updated as per the email?

cheers
 
If the records are for a second-level domain like example.com (as it looks like from the attached notification), the DS records should be added through the domain registrar, i.e. the provider from which you bought the domain name. If they are for a subdomain of a domain hosted in Plesk and having the DNS zone in Plesk, they should be added from Websites & Domains > example.com > DNS Settings > Add new record > DS type.
 
You must log in or register to reply here.

Similar threads

J
Resolved Can not add DS-records, domain is required field since update
Replies
3
Views
2K
Johndenkis
J
Azurel
Issue DNSSEC do not add entries in DNS Settings?
Replies
3
Views
1K
scsa20
scsa20
B
Issue Slave DNS servers not updating zone from target server after migrating domain from source server.
Replies
3
Views
1K
BigBlock
B
Thomas Wilhelmi
Issue DNSSEC on Ububtu 22.04 LTS
Replies
5
Views
3K
learning_curve
learning_curve
T
Resolved Email not working, DNS related maybe?
Replies
2
Views
719
Sebahat.hadzhi
Sebahat.hadzhi
Back
Top