How do i enable DNSSEC on NameSilo (using DS records form YDNS)

zip6como

2/3/24, 9:17 PM

(First of all i am new to domains in general and DNSSEC). I have tried to enable DNSSEC on NamesSilo for my domain. I only have the ds records in plane text and don't know wich value has to be inserted where They look like this:

33333 77 1 9999999999999999999999999999999999999999
33333 77 2 9999999999999999999999999999999999999999999999999999999999999999
33333 77 4 999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999

(these nubers are placeholders same number means same value but the 1,2 and 4 are there in reality and the length of the values is also correct). But in NameSilo i have to enter the following:

Digest: [text field]
Key Tag: [text field]
Digest Type: [dropdown select option]
Algorithm: [dropdown select option]

I don't know what those values stand for neither do i know where to insert them. i have to use Namesilo because i can pay there in bitcoin without kyc verfification. i have to use ydns because my ip isn't static and i use my domain for projects i host myself. Help would be appreciated..

155

1 + 0

dnssec

dynamic-dns

domain-registrar

Score:0

Server

Håkan Lindqvist

2/3/24, 9:47 PM

First off, check and double-check that the DS record(s) you are working with correspond the correct keys that are used to sign the zone (or sign the keys that sign the zone). Adding the DS record signals to everyone that the zone is signed with the corresponding key, and if that DS data is incorrect, the zone stops working at that point.

The order of the fields in the DS record data is:

<keytag> <algorithm> <digesttype> <digest>

In the question you show having multiple DS records, but practically at this time what you really want to add is most likely just the digest type 2 (SHA256) DS record.

The guidance for choosing DNSSEC algorithms in RFC8624 (from 2019, still of value at this time) covers both recommended DNSKEY algorithms as well as DS algorithms.
(Short version: DS: almost certainly 2/SHA256, DNSKEY: probably 13/ECDSAP256SHA256, or maybe 15/ED25519, or maybe 8/RSASHA256)

As for the registrar-provided interface for adding a DS record, the details will vary by registrar. Using the fields as mentioned in the question, I took the current com DS just to have an example with real values to work with:

com.                    86400   IN      DS      30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766

That would translate to your fields in the question as:

Digest: E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
Key Tag: 30909
Digest Type: 2
(2 translates to SHA-256, see the relevant registry for this parameter)
Algorithm: 8
(8 translates to RSA/SHA-256, see the relevant registry for this parameter)

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How do i enable DNSSEC on NameSilo (using DS records form YDNS)

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.