DNSSEC Complete Howto – Registrar Setup

Now that our DNS servers are set up to at least answer non-DNSSEC queries, it is time to set up the domain.

To support DNSSEC you need a registrar that supports DS records (a partial list can be found at ICANN). If you already have glue records created at a registrar that supports DNSSEC, you can skip this entire step.

As I couldn’t find an Australian registrar that does support it, I transferred our domain name to GoDaddy (shudder, I know). If anyone knows otherwise, please let me know.

Once the domain has transferred to an appropriate registrar, you need to create glue records for the new name servers. To do this in the GoDaddy interface, open the domain management page and, in the host summary box in the bottom left-hand corner, click the add link. We added our two name servers (ns1.1metric.com and ns2.1metric.com).

Once the glue records are added, you need to change the domain's name servers to the newly added glue records. From the top menu select Nameservers, then Set Nameservers from the dropdown. Enter the name servers into the box in the newly opened window.
Note that the glue records and whois changes may take up to 24 hours to take effect. Once the changes are made, a whois lookup on the domain will list your name servers.

[root@fs1 ~]# whois 1metric.com
   Domain servers in listed order:

Also, if you now dig at the name servers by name, you will get a result:

[root@fs1 ~]# dig +short @ns1.1metric.com 1metric.com
[root@fs1 ~]# dig +short @ns2.1metric.com 1metric.com
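The whois and dig checks above can be complemented by looking at the referral the parent zone hands out, which is where the glue records actually live. The following is an added example, not part of the original howto: `check_delegation` is a hypothetical helper name, and the sample referral and its 192.0.2.x addresses are constructed placeholders so the script runs offline.

```shell
#!/usr/bin/env bash
# Added example: verify that a referral from the parent zone delegates to the
# expected name servers and carries a glue A/AAAA record for each one.

# Constructed sample of a parent-zone referral in dig's output format.
# The addresses are documentation-range placeholders, not the real ones.
SAMPLE_REFERRAL=';; AUTHORITY SECTION:
1metric.com.      172800  IN  NS  ns1.1metric.com.
1metric.com.      172800  IN  NS  ns2.1metric.com.

;; ADDITIONAL SECTION:
ns1.1metric.com.  172800  IN  A   192.0.2.10
ns2.1metric.com.  172800  IN  A   192.0.2.20'

# check_delegation ZONE NS... (dig output on stdin)
# Prints one status line per expected name server and returns 0 only if every
# one is listed as NS for ZONE and has glue. Glue is required here because the
# name servers live inside the zone they serve.
check_delegation() {
    zone=$1; shift
    awk -v zone="$zone" -v want="$*" '
        function norm(s) { s = tolower(s); sub(/\.$/, "", s); return s }
        /^;/ || NF < 5 { next }                 # skip comments and blank lines
        $4 == "NS" && norm($1) == norm(zone) { ns[norm($5)] = 1 }
        $4 == "A" || $4 == "AAAA"            { glue[norm($1)] = 1 }
        END {
            n = split(want, w, " "); bad = 0
            for (i = 1; i <= n; i++) {
                h = norm(w[i])
                if (!(h in ns))        { print h ": MISSING-NS";   bad = 1 }
                else if (!(h in glue)) { print h ": MISSING-GLUE"; bad = 1 }
                else                     print h ": OK"
            }
            exit bad
        }'
}

# Offline run against the constructed sample:
printf '%s\n' "$SAMPLE_REFERRAL" |
    check_delegation 1metric.com ns1.1metric.com ns2.1metric.com

# Live use (needs network): ask a .com parent server directly, no recursion:
#   dig +norecurse @a.gtld-servers.net 1metric.com NS |
#       check_delegation 1metric.com ns1.1metric.com ns2.1metric.com
```

A MISSING-GLUE result after the 24-hour window means the host records were not published by the registrar, and resolvers will be unable to reach the name servers even though whois lists them.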

