Closed lifeboy closed 1 year ago
Google domains here. I use glue records and normal NS in the DNS records. Worked fine. Maybe a few more details to get you the help you need.
On Thu, Nov 3, 2022 at 4:11 AM Roland Giesler @.***> wrote:
As it is, I have change the domain's NS records at the registrar to point to pmiab and have a secondary set as well. When I got the registrar's control panel, there are no DNS records to set, since this is delegated to pmiab.
What am I missing here please?
— Reply to this email directly, view it on GitHub https://github.com/ddavness/power-mailinabox/issues/91, or unsubscribe https://github.com/notifications/unsubscribe-auth/AWFIEDOSEVVOC7X5YDHGNFTWGNXUBANCNFSM6AAAAAARV3VKH4 . You are receiving this because you are subscribed to this thread.Message ID: @.***>
-- -- -- -- -- -- -- -- -- -- -- @.** btc:31mZ7j9BgQYfe9oANjxsu6kMZEQn1Z6PsM -- -- -- -- -- -- -- -- -- --*
Google domains here. I use glue records and normal NS in the DNS records. Worked fine. Maybe a few more details to get you the help you need.
This has little if anything to do with NS glue records, so I'm not sure I understand your response. To add DNSSEC I need to add these records somewhere. That somewhere should be where the zone file is, which is the pmiab machine, not the registrar. Unless this is not so, the message on the status page of pmiab doesn't make sense.
The DS records (Delegation Signature record) are added to the server that does the delegation. The server doing the delegation to the server is the registry. Because of that, the DS record needs to be added to the registry (usually done via the registrar). It works exactly the same way with MiaB.
If the DS record was published on it's own zone, it would be basically like issuing a self-signed certificate.
The process is different from registrar to registrar. On Namecheap you'd need to go to the Advanced DNS section, enable DNSSEC, then add the record there:
Ah, that makes sense. I'll have to engage the registrar then.
Thanks for the clarification.
On Fri, 4 Nov 2022 at 00:00, David Duque @.***> wrote:
The DS records (Delegation Signature record) are added to the server that does the delegation. The server doing the delegation to the server is the registry. Because of that, the DS record needs to be added to the registry. It works exactly the same way with MiaB.
If the DS record was published on it's own zone, it would be basically like issuing a self-signed certificate.
— Reply to this email directly, view it on GitHub https://github.com/ddavness/power-mailinabox/issues/91#issuecomment-1302722968, or unsubscribe https://github.com/notifications/unsubscribe-auth/ABEZPJ744BRWM5TKQ5DURQ3WGQYW3ANCNFSM6AAAAAARV3VKH4 . You are receiving this because you authored the thread.Message ID: @.***>
As it is, I have change the domain's NS records at the registrar to point to pmiab and have a secondary set as well. When I got the registrar's control panel, there are no DNS records to set, since this is delegated to pmiab.
What am I missing here please?