How to use DNSSEC

Is there any manual or information on where or how they generate the keys for dnssec in hetiacp in Ubuntu 22?
I want to be able to use dnssec on my domains but I see how to generate the data.

note: my servers are configured to a single DNS cluster


Have a look at the docs, it should explain all: DNS clusters and DNSSEC | Hestia Control Panel

Where do I find this option in the panel?

If the option is not available then it might be not supported by OS or not setup correctly

I have installed:
Hestia Control Panel v1.8.7
Ubuntu 22.04 (x86_64)

dnssec-validation auto;

Do I have to do some configuration to activate it?


The link you sent me is the manual that I am following but I do not have the DNSSEC option in my Hestia panel

Are you sure in hestia.conf DNS_CLUSTER_SYSTEM is changed to Hestia-zone?


Finally I was able to implement it successfully, I had the file /etc/bind/named.conf.options
with incorrect configuration.

It’s already working.

Could you explain what changes you made to the configuration file /etc/bind/named.conf.options

See DNS clusters and DNSSEC | Hestia Control Panel


I followed the master-slave guide to the T and still do not have the checkbox.
Running /usr/local/hestia/bin/v-sync-dns-cluster exits with success.

It clearly says to only switch to hestia-zone for the slave, right?
This should be clarified in the conversion docs further bewlow as well.

It should be changed on the master …

  1. In /usr/local/hestia/conf/hestia.conf, change DNS_CLUSTER_SYSTEM='hestia' to DNS_CLUSTER_SYSTEM='hestia-zone'.

Thanks, it works now!

The the docs need to be adjusted, it is only mentioned in Preparing your Slave server(s):

Can this be done on a both servers that are acting as both master/slave and master/slave?

" 'DNS_CLUSTER_SYSTEM=‘hestia-zone’` "

I have tested this out on some test servers they seem to work but im not sure if it will cause any problems down the line, would like your feedback @eris

Hi everyone, is it possible to use " ‘DNS_CLUSTER_SYSTEM=’ hestia-zone’ " if the site is connected to CF? Probably not, then how do I implement DNSSEC using DNS CF and hestia-zone at the same time, or do I not understand correctly?

If you use DNS via CF then manage it in Cloudflare no support for Hestia for it


This is the same issue with me…