Enabling DNSSEC on your DirectAdmin server

DNSSEC is a tool used to verify the validity of a DNS lookup.
You can enable this feature in DirectAdmin 1.44.1 and newer by typing:

cd /usr/local/directadmin/scripts
./dnssec.sh install

After the command has executed successfully, add the following to the ‘options { …. }’ section of your /etc/bind/named.conf.options:

dnssec-enable yes;
dnssec-validation yes;
dnssec-lookaside auto;
bindkeys-file "/etc/bind/named.iscdlv.key";

The dnssec.sh install script should confirm whether your named.conf is set up, and will enable dnssec=1 in directadmin.conf automatically. If the script thinks you’re missing anything from your named.conf, it will tell you what to add.

To enable DNSSEC on a domain, go to:
Admin Level -> DNS Admin -> prado.lt

1. Click “Generate Keys”.
2. Click “Sign”.
3. You should now see values at the bottom of the zone. Copy the 2 DS records, and paste them into your domain registrar’s website.
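
A DS record that does not match the zone's key breaks the chain of trust, so it is worth recomputing the DS values from the DNSKEY record before relying on what was pasted at the registrar. The following Python sketch is an added example, not part of DirectAdmin or the original page; it derives the key tag and DS digest as defined in RFC 4034 (digest types 1 = SHA-1 and 2 = SHA-256) and compares them with a pasted DS line. The domain example.com, the function names and the 4-byte sample key are constructed for illustration.

```python
import base64
import hashlib

# DS digest types: 1 = SHA-1 (RFC 4034), 2 = SHA-256 (RFC 4509)
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}

def wire_name(owner):
    """Owner name in canonical DNS wire format (lowercase, length-prefixed labels)."""
    labels = [l for l in owner.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA: flags (2 bytes), protocol, algorithm, then the raw public key."""
    key = base64.b64decode("".join(pubkey_b64.split()))
    return flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + key

def key_tag(rdata):
    """Key tag checksum from RFC 4034 Appendix B (not valid for algorithm 1)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner, flags, protocol, algorithm, pubkey_b64, digest_type):
    """Return (key_tag, algorithm, digest_type, HEX digest) for one DNSKEY."""
    rdata = dnskey_rdata(flags, protocol, algorithm, pubkey_b64)
    digest = DIGESTS[digest_type](wire_name(owner) + rdata).hexdigest().upper()
    return key_tag(rdata), algorithm, digest_type, digest

def ds_matches(owner, dnskey, ds_text):
    """Compare DS RDATA text (as pasted at the registrar) with the zone's DNSKEY."""
    parts = ds_text.split()
    try:
        tag, alg, dtype = (int(p) for p in parts[:3])
    except ValueError:
        return False  # too few fields or non-numeric values
    if dtype not in DIGESTS:
        return False
    pasted = "".join(parts[3:]).upper()  # digests are often shown split by spaces
    return make_ds(owner, *dnskey, dtype) == (tag, alg, dtype, pasted)

# Constructed sample input: a 4-byte dummy key, not a real DNSKEY.
SAMPLE_KEY = (257, 3, 13, "AQIDBA==")

if __name__ == "__main__":
    for dtype in (1, 2):
        print("example.com. IN DS", *make_ds("example.com.", *SAMPLE_KEY, dtype))
```

To use it on a real zone, replace SAMPLE_KEY with the flags, protocol, algorithm and base64 key from the zone's DNSKEY record with flags 257, and pass each DS line from the registrar to ds_matches.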

If you have any subdomains created as full domains, you’ll need to follow extra steps to continue the chain of trust up the line into the main domain’s zone. For normal subdomains created under a domain, no extra action is required, as they’re part of the domain’s normal zone.