This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Very Confused with DNSSEC Activation

Posted on 03-25-2024 07:25 PM
zachpeele
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I have several domains that I would like to enable DNSSEC on. All of these domains are registered through Google Cloud Domains and they all utilize Cloud DNS. I have enabled DNSSEC on the zone but I am confused about activation. The documentation states that I must add a DS record for TLD with my registrar. Does this mean I simply need to add the DS record to my zone in Cloud DNS? Doing so doesn't seem to have any effect when doing a DNSSEC check.

Solved Solved
0 2 931
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
AI
Staff
Reply posted on --/--/---- --:-- AM

Hi @zachpeele,

Given you have dnssec enabled in Cloud DNS, here is what you have to do:

  • remove all manually created dnssec related records from Cloud DNS
  • In Cloud DNS click Registar Setup (top right corner) and get the value of DS record
  • Go to cloud domains and click on the one in question
  • On the domain page click the link that says something like “view this domain in Google Domains”
  • in Google Domains go to the DNS settings (if not already there) and under the active configuration tab scroll to the dnssec portion, where you will be able to paste the DS record copied from Cloud DNS.

what this will do is it will send the value to the TLD to install in the parent zone (ds record in the parent zone points to the dnskey record in yours (you won’t have to create this dnskey manually)). Keep in mind that the process of publishing of ds record will take a bit of time.

 

View solution in original post

Jump to Solution
0 Likes
2 REPLIES 2

Posted on --/--/---- --:-- AM
AI
Staff
Reply posted on --/--/---- --:-- AM

Hi @zachpeele,

Given you have dnssec enabled in Cloud DNS, here is what you have to do:

  • remove all manually created dnssec related records from Cloud DNS
  • In Cloud DNS click Registar Setup (top right corner) and get the value of DS record
  • Go to cloud domains and click on the one in question
  • On the domain page click the link that says something like “view this domain in Google Domains”
  • in Google Domains go to the DNS settings (if not already there) and under the active configuration tab scroll to the dnssec portion, where you will be able to paste the DS record copied from Cloud DNS.

what this will do is it will send the value to the TLD to install in the parent zone (ds record in the parent zone points to the dnskey record in yours (you won’t have to create this dnskey manually)). Keep in mind that the process of publishing of ds record will take a bit of time.

 

Jump to Solution
0 Likes

Posted on --/--/---- --:-- AM
zachpeele
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Thanks so much! That was exactly what I needed.

Jump to Solution
0 Likes
Top Labels in this Space