How to use DNSSEC

GabrielPL · September 18, 2023, 8:55am

hello
Is there any manual or information on where or how they generate the keys for dnssec in hetiacp in Ubuntu 22?
I want to be able to use dnssec on my domains but I see how to generate the data.

note: my servers are configured to a single DNS cluster
Captura

regards

Raphael · September 18, 2023, 9:10am

Have a look at the docs, it should explain all: DNS clusters and DNSSEC | Hestia Control Panel

GabrielPL · September 20, 2023, 10:56pm

hello
Where do I find this option in the panel?

eris · September 21, 2023, 5:38am

If the option is not available then it might be not supported by OS or not setup correctly

GabrielPL · September 21, 2023, 6:19am

I have installed:
Hestia Control Panel v1.8.7
Ubuntu 22.04 (x86_64)

/etc/bind/named.conf.options
dnssec-validation auto;

Do I have to do some configuration to activate it?
regards

eris · September 21, 2023, 7:11am

GabrielPL · September 21, 2023, 7:36am

¿¿??

The link you sent me is the manual that I am following but I do not have the DNSSEC option in my Hestia panel
Captura

eris · September 21, 2023, 7:40am

Are you sure in hestia.conf DNS_CLUSTER_SYSTEM is changed to Hestia-zone?

DNS_CLUSTER_SYSTEM=‘hestia-zone’

GabrielPL · September 21, 2023, 10:04pm

Finally I was able to implement it successfully, I had the file /etc/bind/named.conf.options
with incorrect configuration.

It’s already working.
thanks

ImSplifftastic · October 25, 2023, 9:52pm

Could you explain what changes you made to the configuration file /etc/bind/named.conf.options

eris · October 25, 2023, 11:16pm

See DNS clusters and DNSSEC | Hestia Control Panel

xeruf · November 6, 2023, 7:17am

I followed the master-slave guide to the T and still do not have the checkbox.
Running /usr/local/hestia/bin/v-sync-dns-cluster exits with success.

It clearly says to only switch to hestia-zone for the slave, right?
This should be clarified in the conversion docs further bewlow as well.

eris · November 6, 2023, 7:19am

It should be changed on the master …

In /usr/local/hestia/conf/hestia.conf, change DNS_CLUSTER_SYSTEM='hestia' to DNS_CLUSTER_SYSTEM='hestia-zone'.

xeruf · November 6, 2023, 7:57am

Thanks, it works now!

The the docs need to be adjusted, it is only mentioned in Preparing your Slave server(s):

elmo · December 10, 2023, 6:38pm

Can this be done on a both servers that are acting as both master/slave and master/slave?

" 'DNS_CLUSTER_SYSTEM=‘hestia-zone’` "

I have tested this out on some test servers they seem to work but im not sure if it will cause any problems down the line, would like your feedback @eris

bestperson · March 29, 2024, 6:44pm

Hi everyone, is it possible to use " ‘DNS_CLUSTER_SYSTEM=’ hestia-zone’ " if the site is connected to CF? Probably not, then how do I implement DNSSEC using DNS CF and hestia-zone at the same time, or do I not understand correctly?

eris · March 30, 2024, 12:49am

If you use DNS via CF then manage it in Cloudflare no support for Hestia for it

DGA · April 5, 2024, 4:48pm

This is the same issue with me…