How to use DNSSEC

GabrielPL · September 18, 2023, 8:55am

hello
Is there any manual or information on where or how they generate the keys for dnssec in hetiacp in Ubuntu 22?
I want to be able to use dnssec on my domains but I see how to generate the data.

note: my servers are configured to a single DNS cluster
Captura

regards

Raphael · September 18, 2023, 9:10am

Have a look at the docs, it should explain all: DNS clusters and DNSSEC | Hestia Control Panel

GabrielPL · September 20, 2023, 10:56pm

hello
Where do I find this option in the panel?

eris · September 21, 2023, 5:38am

If the option is not available then it might be not supported by OS or not setup correctly

GabrielPL · September 21, 2023, 6:19am

I have installed:
Hestia Control Panel v1.8.7
Ubuntu 22.04 (x86_64)

/etc/bind/named.conf.options
dnssec-validation auto;

Do I have to do some configuration to activate it?
regards

eris · September 21, 2023, 7:11am

GabrielPL · September 21, 2023, 7:36am

¿¿??

The link you sent me is the manual that I am following but I do not have the DNSSEC option in my Hestia panel
Captura

eris · September 21, 2023, 7:40am

Are you sure in hestia.conf DNS_CLUSTER_SYSTEM is changed to Hestia-zone?

DNS_CLUSTER_SYSTEM=‘hestia-zone’

GabrielPL · September 21, 2023, 10:04pm

Finally I was able to implement it successfully, I had the file /etc/bind/named.conf.options
with incorrect configuration.

It’s already working.
thanks

ImSplifftastic · October 25, 2023, 9:52pm

Could you explain what changes you made to the configuration file /etc/bind/named.conf.options

eris · October 25, 2023, 11:16pm

See DNS clusters and DNSSEC | Hestia Control Panel

xeruf · November 6, 2023, 7:17am

I followed the master-slave guide to the T and still do not have the checkbox.
Running /usr/local/hestia/bin/v-sync-dns-cluster exits with success.

It clearly says to only switch to hestia-zone for the slave, right?
This should be clarified in the conversion docs further bewlow as well.

eris · November 6, 2023, 7:19am

It should be changed on the master …

In /usr/local/hestia/conf/hestia.conf, change DNS_CLUSTER_SYSTEM='hestia' to DNS_CLUSTER_SYSTEM='hestia-zone'.

xeruf · November 6, 2023, 7:57am

Thanks, it works now!

The the docs need to be adjusted, it is only mentioned in Preparing your Slave server(s):

elmo · December 10, 2023, 6:38pm

Can this be done on a both servers that are acting as both master/slave and master/slave?

" 'DNS_CLUSTER_SYSTEM=‘hestia-zone’` "

I have tested this out on some test servers they seem to work but im not sure if it will cause any problems down the line, would like your feedback @eris

bestperson · March 29, 2024, 6:44pm

Hi everyone, is it possible to use " ‘DNS_CLUSTER_SYSTEM=’ hestia-zone’ " if the site is connected to CF? Probably not, then how do I implement DNSSEC using DNS CF and hestia-zone at the same time, or do I not understand correctly?

eris · March 30, 2024, 12:49am

If you use DNS via CF then manage it in Cloudflare no support for Hestia for it

DGA · April 5, 2024, 4:48pm

This is the same issue with me…

pwd · August 18, 2025, 6:51am

Does anyone know how to set up DNSSEC on subdomains? In the subdomain dns settings, dnssec is checked, but since subdomains cannot be validated at the domain provider, the subdomain will be invalid. It should use the dnssec of the main domain, but on Hestia cp you can only set up dnssec separately for the main domain and the subdomain. Thanks.