Den här artikeln finns även på:
Svenska
If your domain name is registered with us at Oderland and is using our name servers, DNSSEC will be automatically activated. You don’t need to do anything.
If your domain name is registered elsewhere, or is not using our name servers you need to follow the steps below to activate DNSSEC manually.
Which top level domains can I activate DNSSEC for?
We are currently offer support for DNSSEC for the following top level domains:
- .se
- .nu
Create keys through cPanel
To create keys in the control panel you need to be using Oderlands’ name servers. If you do not, you need to create the keys with your name server provider.
Log on to cPanel and click Zone Editor under Domains.
You will now see a list of all domain names on your web hosting account. Click the DNSSEC button.
You will now see a list of the keys for the domain. If it is not empty, DNSSEC is already activated for your domain. You do not need to do anything else. If it is empty, click the button +Create key in the top right corner of the table.
You will now be asked to confirm the key creation. The default settings work for most users, but if you want to customise settings, click Customize. Approve by clicking the Create button.
You will now see information about the created key. Please save this information or leave the screen open. You will need it in the next step.
- Key Tag (1) – an identifier for the key itself. Given as
57556in the example above. - Algorithm (2) – briefly, the cryptographic method used to generate the key. In our example
RSA/SHA-256 2 048 bitar (Algorithm 8)and the important thing to save here is the8by the end. - Digest Type (3) – the second half of the cryptographic equations. You get three different, and the important piece to save is the algorithm number. So from
SHA-1 (Algorithm 1)you save the1. Repeat this process for all three digest types. - Digest (4) – the cryptographic key you have to enter via the Client area. You need to save the entire key, e.g.
b01987...........in our example. Save all three.
If you don’t have your domain registered via us at Oderland, but are using our name servers, please set the key information at your registrar or ask them for help.
Connect the keys to your domain name via the Client area
Log on the Client area. Under the Domains – My domains in the menu to the left you will find all of the domain names you have registered with us.
Do you have your domain registered with us but use external name servers? You then need to create the keys with your name server provider. You can then add them here.
Click the Manage button next to the domain name that you created the key for in cPanel (according to the instructions above).
You will now get an overview of your domain name. Under the Management tools tab, click Manage DNSSEC.
In the table that appears, please add the key information from cPanel. You should copy the Key Tag and Algorithm from the upper part of the key information. Then you create a row for each digest (three of them) and enter Digest Type and Digest in the table.
From cPanel you were given three digests or keys. Every digest should be entered on its own row here in the client area.
- The first column, KeyTag (1), shall have the Key Tag from cPanel (marked 1 in the cPanel screenshot above). This is the same for all digests.
- The second column, Algorithm (2), shall have the number of the algorithm just below the Key Tag in cPanel (marked with 2 in the cPanel screenshot above). This is the same for all digests.
- The third column, Digest Type (3), shall have the algorithm number given for each digest. This is unique for every digest.
- The fourth column, Digest (4), shall have the key for every digest in cPanel. This is unique for every digest.
By clicking on the Copy button next to the key (in cPanel), you can easily paste it into the Client area.
When you are done you should have three rows in your table where the KeyTag and Algorithm columns are the same for all, and the DigestType and Digest columns differ. Compare the image below with the one above with DNSSEC key details.
When you’re done, don’t forget to click Update DS Records.
If you wish to deactivate DNSSEC, send an email to our support. Don’t forget to tell us the domain name.
