DN Records + DNSSEC

DNS Security is something that is very powerful, and not widely used or understood. Using the DNSSEC Protocol is awesome and you should use it.

By β™Ÿ Vondelphia.com β€” Updated May 18, 2020

You should only use / consider DNSSEC if you are comfortable with DS records and DNSSEC. When you manage DS records, the domain will stop resolving correctly if your name servers are not configured correctly with the associated DNSSEC resource records.

Alot of this stuff is really hard to understand, and not even Von understands this stuff completely. I don’t think anyone truly understands this 100% either…

Matt G.

If you have questions about DNSSEC, or if you have trouble after requesting or changing DS records you will need to provide ultra clear instructions on what you want to achieve.

You need four things to properly configure DS Records:

  1. Digest
  2. Key Tag
  3. Digest Type
    • SHA-1
    • SHA-256
    • GOST R 34.11-94
    • SHA-384
  4. Algorithm
    • RSA/MD5
    • Diffie-Hellman
    • DSA/SHA-1
    • Elliptic Curve
    • RSA/SHA-1
    • DSA-NSEC3-SHA1
    • RSA/SHA-256
    • RSA/SHA-512
    • ECC-GOST
    • ECDSA Curve P-256 with SHA-256
    • ECDSA Curve P-384 with SHA-384
    • Indirect
    • Private DNS
    • Private OID

Digest Type options for DS Records
Algorithm options for DS Records

Helpful links:

Was this helpful?

Yes! πŸŽ‰ No! πŸ˜‘

Not quite what you're looking for? Get Help


Thank you for being part of the Von community.

Leave a Comment

Item added to cart.
0 items - $0