How to add DNSSEC to a domain name?

Donuts Registry supports Algorithm ranges including the 6-14 range. Our SRS allows all algorithms defined at the IANA website: http://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xml.

DNSSEC can be added via EPP or via the web portal

EPP Domain Create with DNSSEC

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
  <command>
    <create>
     <domain:create xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
       <domain:name>domain_name</domain:name>
       <domain:period unit="y">2</domain:period>
       <domain:registrant>registrant_contact</domain:registrant>
       <domain:contact type="admin">admin_contact</domain:contact>
       <domain:contact type="tech">tech_contact</domain:contact>
       <domain:authInfo>
         <domain:pw>Password_1</domain:pw>
       </domain:authInfo>
     </domain:create>
    </create>
    <extension>
      <secDNS:create xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
        <secDNS:dsData>
        <secDNS:keyTag>12345</secDNS:keyTag>
        <secDNS:alg>1</secDNS:alg>
        <secDNS:digestType>1</secDNS:digestType>
     <secDNS:digest>2BB183AF5F22588179A53B0A98631FAD1A292118</secDNS:digest>
        <secDNS:keyData>
           <secDNS:flags>257</secDNS:flags>
           <secDNS:protocol>3</secDNS:protocol>
           <secDNS:alg>1</secDNS:alg>
           <secDNS:pubKey>AQPJ////4Q==</secDNS:pubKey>
        </secDNS:keyData>
        </secDNS:dsData>
      </secDNS:create>
    </extension>
    <clTRID>Test</clTRID>
  </command>
</epp>

EPP Domain DNSSEC Update

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
   <epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
     <command>
       <update>
         <domain:update
          xmlns:domain="urn:ietf:params:xml:ns:domain-1.0">
           <domain:name>classen.testone</domain:name>
         </domain:update>
       </update>
       <extension>
         <secDNS:update
          xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
           <secDNS:rem>
             <secDNS:dsData>
               <secDNS:keyTag>257</secDNS:keyTag>
               <secDNS:alg>8</secDNS:alg>
               <secDNS:digestType>2</secDNS:digestType>
               <secDNS:digest>d4d8be8becb97c4b32b8660720f9e05561a9b80db8949e393ddc78df1137c4f9</secDNS:digest>
           <secDNS:keyData>
             <secDNS:flags>257</secDNS:flags>
             <secDNS:protocol>3</secDNS:protocol>
             <secDNS:alg>8</secDNS:alg>
             <secDNS:pubKey>AwEAAbSUJwKgTiw4/fAdKdeinHB5FiiUAJw2UwiFY0HF8ZunQ4ZuTR+5d3YGKP0pVFq/vE9LvPyn7wANRJOJVKr8NgmadQ/tx3dpEOQ8RyE1LzLogPXYbQHk6Qdv8fCD2erp9KS7R26ZwR/fJNikrbp184LYGLdHKEUdA/oXWnqNMFXFkVC0RWDgBjyOAYK1x7kph+YJstjbJae3F8VbViTP1vjFqgNLfmb2v0jRBGam96XEha4==</secDNS:pubKey>
           </secDNS:keyData>
         </secDNS:dsData>
           </secDNS:rem>
           <secDNS:add>
            <secDNS:dsData>
               <secDNS:keyTag>58789</secDNS:keyTag>
               <secDNS:alg>8</secDNS:alg>
               <secDNS:digestType>2</secDNS:digestType>
               <secDNS:digest>d4d8be8becbd8660720f9e05561a9b80db8949e393ddc78df1137c4f9</secDNS:digest>
           <secDNS:keyData>
             <secDNS:flags>58689</secDNS:flags>
             <secDNS:protocol>3</secDNS:protocol>
             <secDNS:alg>8</secDNS:alg>
             <secDNS:pubKey>AwEAAbSUJwKgTiw4/fAdKdeinHB5FqUAJw2UwiFY0HF8ZunQ4ZuTR+5d3YGKP0pVFq/vE9LvPyn7wANRJOJVKr8NgmadQ/tx3dpEOQ8RyE1LzLogPXYbQHk6Qdv8fCD2erp9KS7R26ZwR/fJNikrbp184LYGLdHKEUdA/oXWnqNMFXFkVC0RWDgBjyOAYK1x7kph+YJstjbJaAbOHye9oLQZue3F8VbViTP1vjFqgNLfmb2v0jRBGam96XEha4==</secDNS:pubKey>
           </secDNS:keyData>
         </secDNS:dsData>
           </secDNS:add>
         </secDNS:update>
       </extension>
       <clTRID>ABC-12345</clTRID>
     </command>
   </epp>

Web portal create/update

  1. Fill in the domain create or update information
  2. Fill in the DNSSEC information as shown below
  3. Click add
  4. Click register/update

Note that duplicated DNSSEC records are not allowed by the system if you try to add duplicated values via the web portal you will see the following error.

Related Articles