DNSmanager 6 Documentation

Global settings

In Settings → Global settings you can select an IP protocol version and enable DNSSEC.

IP protocol versions

  1. To make DNSmanager work with IPv4 addresses, check the box Use IPv4.
  2. To make DNSmanager work with IPv6 addresses, check the box Use IPv6.

DNSSEC

Check the box DNSSEC support and enter the key parameters.

The DNSSEC support option is not dispayed if the pdns service is stopped.

DNSSEC uses 2 types of keys: 

  • ZSK (Zone Signing Key) — this key is used to sign records within the zone;
  • KSK (Key Signing Key) — this key is used to sign keys.

Enter parameters for every key type: 

  • Algorithm ­— select a key generation algorithm:
    • Outdated algorithms: 5 — RSA/SHA-1; 7 — RSASHA1-NSEC3-SHA1;
    • Modern algorithms: 8 — RSA/SHA-256; 10 — RSA/SHA-512; 
    • Newest algorithm: 13 — ECDSA Curve P-256 with SHA-256; 14 — ECDSA Curve P-384 with SHA-384.
  • Key length — enter the KSK-key length (in bites);
  • Renewal period — set the period in months that will pass before a new key will be generated.
Note
Currently, DNSSEC allows specifying only identical algorithm for keys.

For more information please refer to the article Configuring DNSSEC.