{"id":942,"date":"2021-07-23T12:41:46","date_gmt":"2021-07-23T12:41:46","guid":{"rendered":"https:\/\/ssdsunucum.com\/blog\/dns-zone-manager\/"},"modified":"2021-07-23T12:41:46","modified_gmt":"2021-07-23T12:41:46","slug":"dns-zone-manager","status":"publish","type":"post","link":"https:\/\/ssdsunucum.com\/blog\/dns-zone-manager\/","title":{"rendered":"DNS Zone Manager"},"content":{"rendered":"<\/p>\n
\n
\n
\n

Valid for versions 98 through the latest version<\/em><\/p>\n<\/div>\n

\n

Version:<\/h4>\n

86<\/h4>\n

88<\/h4>\n

92<\/h4>\n

96<\/h4>\n

98<\/h4>\n<\/div><\/div>\n
\n

Overview<\/h2>\n

This feature allows you to edit the records in a domain\u2019s DNS (Domain Name System) zone file. DNS converts human-readable domain names (for example, example.com<\/code>) to computer-readable IP addresses (for example, 192.0.0.1<\/code>). To perform this function, DNS relies on zone records that exist on your server to map domain names to IP addresses.<\/p>\n

\n
Important:<\/div>\n
\n
    \n
  • We deprecated<\/strong> the MyDNS and NSD nameserver software in cPanel & WHM version 78 and plan to remove them in a future release. If you use either of these nameservers, we strongly<\/strong> recommend that you migrate to either the PowerDNS or BIND namesevers. For more information, read our cPanel Deprecation Plan documentation.<\/li>\n
  • DNS zones that reside on other Write-only DNS servers in a DNS cluster do not<\/strong> appear in this interface.<\/li>\n<\/ul><\/div>\n<\/div>\n

    Domains<\/h2>\n

    The DNS Zone Manager<\/em> interface displays all of your server\u2019s domains. To filter the list, enter a name in the text box. For each listed domain, you can perform the following actions:<\/p>\n

      \n
    • A Record<\/em> \u2014 Create a new A record. When you select this record type, a new window will appear. Enter a valid DNS zone name in the Name<\/em> text box and a valid IPv4 address in the Address<\/em> text box. Click Add An A Record<\/em> to save your changes.<\/li>\n
    • CNAME Record<\/em> \u2014 Create a new CNAME record. When you select this record type, a new window will appear. Enter a valid DNS zone name in the Name<\/em> text box and a FQDN in the CNAME<\/em> text box. Click Add A CNAME Record<\/em> to save your changes.<\/li>\n
    • MX Record<\/em> \u2014 Create a new MX record. When you select this record type, a new window will appear. Enter the record\u2019s priority value in the Priority<\/em> text box and a FQDN in the Destination<\/em> text box. Click Add An MX Record<\/em> to save your changes.<\/li>\n
    • DNSSEC<\/em> \u2014 Manage the domain\u2019s DNSSEC (Domain Name System Security Extensions) records. When you select this record type, the system directs you to the View DNSSEC Keys<\/em> interface.<\/li>\n
    • Manage<\/em> \u2014 Add or edit additional domain records. When you select this setting, the system directs you to the Manage DNS Zone Records<\/em> interface.<\/li>\n<\/ul>\n

      Manage DNS Zone Records<\/h3>\n

      This interface displays a table with a list of the selected domain\u2019s DNS zone records. To filter the list, enter a name in the text box or select an available record type filter.<\/p>\n

      The record table contains the following information for each record:<\/p>\n

        \n
      • Name<\/em> \u2014\u00a0The record\u2019s name.<\/li>\n
      • TTL<\/em> \u2014 The record\u2019s Time to Live (TTL).<\/li>\n
      • Type<\/em> \u2014 The record\u2019s type.<\/li>\n
      • Record<\/em> \u2014\u00a0The record\u2019s information.<\/li>\n
      • Actions<\/em> \u2014\u00a0The option to edit or delete the record.<\/li>\n<\/ul>\n

        You can also use this interface to:<\/p>\n

          \n
        • Add or edit one or more DNS zone records.<\/li>\n
        • Delete a DNS zone record.<\/li>\n
        • View the raw DNS zone file.<\/li>\n
        • Reset the DNS zone.<\/li>\n<\/ul>\n

          Add a DNS zone record<\/h4>\n

          To add a DNS zone record, perform the following steps:<\/p>\n

            \n
          1. Click Manage<\/em> next to the domain you want to modify.<\/li>\n
          2. Click Add Record<\/em>. You can also click the arrow icon (\"The) and select the desired record type from the list.\n
            \n
            Note:<\/div>\n
            \n

            To add multiple records, click Add Record<\/em> multiple times or select the desired record types from the list. The system adds the new records to the top of the table.<\/p>\n<\/p><\/div>\n<\/div>\n<\/li>\n

          3. Enter the record information.<\/li>\n
          4. Click Save Record<\/em> or Save All Records<\/em>, or click Cancel<\/em>.<\/li>\n<\/ol>\n

            Edit a DNS zone record<\/h4>\n

            To edit a DNS zone record, perform the following steps:<\/p>\n

              \n
            1. Click Manage<\/em> for the domain that you want to modify. A new interface will appear.<\/li>\n
            2. Click Edit<\/em> next to the record or records that you want to edit.<\/li>\n
            3. Update the information in the text boxes.\n
              \n
              Note:<\/div>\n
              \n

              If you change an existing record\u2019s Type<\/em> value, the system preserves the current record\u2019s data until you save your changes.<\/p>\n<\/p><\/div>\n<\/div>\n<\/li>\n

            4. Click Save Record<\/em> or Save All Records<\/em> to save your changes, or click Cancel<\/em>.<\/li>\n<\/ol>\n

              DNS zone record types<\/h3>\n

              When you add or edit a DNS zone record, you can select from the following record types:<\/p>\n

              A<\/h5>\n

              IPv4 Address Record \u2014 This record maps hostnames to IPv4 addresses. These records allow DNS servers to identify and locate your website and its various services on the internet. Without appropriate A records, your visitors cannot access your website, FTP site, or email accounts. You can set the following values:<\/p>\n

                \n
              • Name<\/em> \u2014 A new or existing DNS zone name. When you enter a zone name, the system automatically appends the domain name to the zone record. For example, if you create the user<\/code> zone, the system will add the example.com.<\/code> domain information.<\/li>\n
              • Address<\/em> \u2014 Enter the domain\u2019s IP address.<\/li>\n<\/ul>\n
                AAAA<\/h5>\n

                IPv6 Address Record \u2014 This record is the same as an A record, but maps hostnames to IPv6 addresses.<\/p>\n

                AFSDB<\/h5>\n

                Andrew File System Data Base Location \u2014 This record provides the location of the domain name\u2019s Andrew File System (AFS) database server or Distributed Computing Environment (DCE) authentication server. You can set the following values:<\/p>\n

                  \n
                • Subtype<\/em> \u2014 The type of server the record points to. You can use one of the following values:\n
                    \n
                  • 1<\/code> \u2014 An AFS location server.<\/li>\n
                  • 2<\/code> \u2014 A DCE authentication server.<\/li>\n<\/ul>\n<\/li>\n
                  • Hostname<\/em> \u2014 The domain name of the database server.<\/li>\n<\/ul>\n
                    CAA<\/h5>\n

                    Certificate Authority Authorization Record \u2014 This record controls which certificate authorities (CA) can issue SSL certificates for a domain.<\/p>\n

                    \n
                    Note:<\/div>\n
                    \n
                      \n
                    • If no CAA records exist for a domain, all<\/strong> CAs can issue certificates for that domain. If conflicting CAA records already exist, remove the existing CAA records or add one for the desired CA.<\/li>\n
                    • MyDNS does not<\/strong> support this record type.<\/li>\n
                    • The system stores these records in the RFC 3597 format.<\/li>\n<\/ul><\/div>\n<\/div>\n

                      You can set the following values:<\/p>\n

                        \n
                      • Issuer Critical Flag<\/em> \u2014 Whether the CA will issue an SSL certificate if the CAA Resource Record contains unknown property tags. For more information about CAA record flags, read the RFC 6844 documentation.\n
                          \n
                        • 0<\/em> \u2014 Non-critical. The CA will issue an SSL certificate if the CAA Resource Record contains unknown property tags.<\/li>\n
                        • 1<\/em> \u2014 Critical. The CA will not<\/strong> issue an SSL certificate if the CAA Resource Record contains unknown property tags.<\/li>\n<\/ul>\n<\/li>\n
                        • Tag<\/em> \u2014 The CAA record\u2019s property type:\n
                            \n
                          • issue<\/em> \u2014 Authorize a CA to issue a certificate for the domain.<\/li>\n
                          • issuewild<\/em> \u2014 Authorize a CA to issue a wildcard certificate for the domain.<\/li>\n
                          • iodef<\/em> \u2014 Specify a URL to which a CA may report policy violations.<\/li>\n<\/ul>\n<\/li>\n
                          • Value<\/em> \u2014 The CA\u2019s domain, or the CA\u2019s URL if you select the iodef<\/em> setting in the Tag<\/em> section.<\/li>\n<\/ul>\n
                            CNAME<\/h5>\n

                            Canonical Name Record \u2014 This record creates an alias for another domain name, which DNS resolves. This is useful, for example, if you point multiple CNAME records to a single A record in order to simplify DNS maintenance. You can set the following values:<\/p>\n

                              \n
                            • Name<\/em> \u2014 A new or existing DNS zone name. When you enter a zone name, the system automatically appends the domain name to the zone record. For example, if you create the user<\/code> zone, the system will add the example.com.<\/code> domain information.<\/li>\n
                            • Record<\/em> \u2014 Enter a fully-qualified domain name (FQDN). For example, the example2.com<\/code> domain. You cannot point a CNAME record to an IP address.<\/li>\n<\/ul>\n
                              DMARC<\/h5>\n

                              Domain-based Message Authentication, Reporting, and Conformance \u2014 This record indicates the action for a mail server to take when it receives an email from this domain, but that message fails Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) checks.<\/p>\n

                              When you select this setting, the system creates a TXT record with a default DMARC record. The system also displays a form that allows you to define the domain\u2019s DMARC Policy<\/em> (None<\/em>, Quarantine<\/em>, or Reject<\/em>), as well as the following optional parameters:<\/p>\n

                                \n
                              • Subdomain Policy<\/em> \u2014 The action the mail server will take when it receives an email from the domain\u2019s subdomain. The server only takes this action if the email fails its SPF and DKIM checks.\n
                                  \n
                                • None<\/em> \u2014 Do not take any action.<\/li>\n
                                • Quarantine<\/em> \u2014 Send spam email to a different folder on the account.<\/li>\n
                                • Reject<\/em> \u2014 Reject spam email.<\/li>\n<\/ul>\n<\/li>\n
                                • DKIM Mode<\/em> \u2014 The DKIM level that the server enforces for the domain. An email must have a valid DKIM signature. The server will check a DKIM signature against the email\u2019s From:<\/code> domain entry. You can set the following identifier alignment settings:\n
                                    \n
                                  • Relaxed<\/em> \u2014 Only the organizational domains must match. For example, an email from the domain.example.com<\/code> subdomain of example.com<\/code> would pass the DKIM check.<\/li>\n
                                  • Strict<\/em> \u2014 The domains must<\/strong> match exactly. For example, the server will accept email from the example.com<\/code> domain, but it would reject email from the domain.example.com<\/code> subdomain.<\/li>\n<\/ul>\n<\/li>\n
                                  • SPF Mode<\/em> \u2014 The SPF level that the server will enforce for the domain. The server sending email must pass SPF authorization. The server checks the server sending an email with the SMTP MAIL FROM<\/code> command. The server then checks the MAIL FROM<\/code> domain entry against the email\u2019s From:<\/code> domain entry. You can set the following identifier alignment settings:\n
                                      \n
                                    • Relaxed<\/em> \u2014 Only the organizational domains must match. For example, an email from the domain.example.com<\/code> subdomain of example.com<\/code> would pass the SPF check.<\/li>\n
                                    • Strict<\/em> \u2014 The domains must<\/strong> match exactly. For example, the server will only accept email if the domain is example.com<\/code>. It would reject an email from the domain.example.com<\/code> domain.<\/li>\n<\/ul>\n<\/li>\n
                                    • Percentage<\/em> \u2014 The percentage of emails that you want the server to filter.<\/li>\n
                                    • Generate Failure Reports When<\/em> \u2014 The error reporting policy between the sender and receiver\u2019s Mail Transfer Agents.<\/li>\n
                                    • Report Format<\/em> \u2014 The format that the server uses to report an email\u2019s possible spam status.<\/li>\n
                                    • Report Interval<\/em> \u2014 The amount of time, in seconds, that elapse between each aggregate email report. This parameter\u2019s value defaults to 86400<\/code>.\n
                                      \n
                                      Note:<\/div>\n
                                      \n

                                      This value does not<\/strong> include email failure messages.<\/p>\n<\/p><\/div>\n<\/div>\n<\/li>\n

                                    • Send Aggregate Mail Reports To<\/em> \u2014 A comma-separated list of Uniform Resource Identifiers (URIs) to which to send the aggregate email reports. If your URI includes a comma, you must<\/strong> URI-encode the comma. To add a size limit for the report, include an exclamation point, a number, and a file size unit to the end of the URI. For example: mailto:reports@example.com!50m<\/code>. You can specify the following file size units:\n
                                        \n
                                      • k<\/code> \u2014 Kilobytes.<\/li>\n
                                      • m<\/code> \u2014 Megabytes.<\/li>\n
                                      • g<\/code> \u2014 Gigabytes.<\/li>\n
                                      • t<\/code> \u2014 Terabytes.<\/li>\n<\/ul>\n<\/li>\n
                                      • Send Failure Reports To<\/em> \u2014 A comma-separated list of URIs to which to send failure email reports.<\/li>\n<\/ul>\n
                                        DNAME<\/h5>\n

                                        Delegation Name \u2014 This record sets an alias for an entire DNS name space. This differs from the CNAME record, which only provides an alias for a single name.<\/p>\n

                                        DS<\/h5>\n

                                        Delegation Signer \u2014 This record identifies the DNSSEC signing key of a delegation zone. You can obtain this information from your domain\u2019s registrar.<\/p>\n

                                        \n
                                        Important:<\/div>\n
                                        \n

                                        This record type does not<\/strong> update the information with your registrar.<\/p>\n<\/p><\/div>\n<\/div>\n

                                        You can set the following values:<\/p>\n

                                          \n
                                        • Key tag<\/em> \u2014 The key tag of the DNSKEY the DS record refers to, in network byte order.<\/li>\n
                                        • Algorithm<\/em> \u2014 The algorithm number of the DNSKEY the DS record refers to.<\/li>\n
                                        • Digest Type<\/em> \u2014 The algorithm used to generate the Digest<\/em> field.<\/li>\n
                                        • Digest<\/em> \u2014 The digest that the algorithm generates.<\/li>\n<\/ul>\n

                                          For more information, read the View DNSSEC Keys section.<\/p>\n

                                          HINFO<\/h5>\n

                                          Host Information \u2014 This record provides information about the host\u2019s CPU type and operating system. This allows protocols to choose the best way to communicate with a similar host. You can set the following values:<\/p>\n

                                            \n
                                          • CPU<\/em> \u2014 The host\u2019s CPU type.<\/li>\n
                                          • Operating System<\/em> \u2014 The host\u2019s operating system.<\/li>\n<\/ul>\n
                                            LOC<\/h5>\n

                                            Location Record \u2014 This record specifies a domain name\u2019s geographical location. You can set the following values:<\/p>\n

                                              \n
                                            • Latitude<\/em> \u2014 The location\u2019s latitude, in Degrees Minutes Seconds (DMS) format.<\/li>\n
                                            • Longitude<\/em> \u2014 The location\u2019s longitude, in Degrees Minutes Seconds (DMS) format.<\/li>\n
                                            • Altitude<\/em> \u2014 The location\u2019s altitude, in meters.<\/li>\n
                                            • Size<\/em> \u2014 The diameter of a sphere that encloses the entire location, in meters,<\/li>\n
                                            • Horizontal<\/em> \u2014 The location\u2019s horizontal precision, in meters.<\/li>\n
                                            • Vertical<\/em> \u2014 The location\u2019s vertical precision, in meters.<\/li>\n<\/ul>\n
                                              MX<\/h5>\n

                                              Mail Exchanger \u2014 This record identifies the servers that handle a domain\u2019s email. Changes that you make to this record control where the server delivers a domain\u2019s email. You can set the following values:<\/p>\n

                                                \n
                                              • Priority<\/em> \u2014 Identifies the servers that handle a domain\u2019s email. This value for each MX record determines the order in which other mail servers will use the domain\u2019s mail server. A lower value indicates a higher priority level. A value of 0<\/code> indicates the highest priority level.<\/li>\n
                                              • Destination<\/em> \u2014 The mail server. This must be a fully-qualified domain name (FQDN).<\/li>\n<\/ul>\n
                                                NAPTR<\/h5>\n

                                                Naming Authority Pointer \u2014 This record specifies a regular-expression-based rewriting rule. This creates a domain label to use with lookup services that aren\u2019t in domain name syntax. You can set the following values:<\/p>\n

                                                  \n
                                                • Order<\/em> \u2014 A 16-bit unsigned integer that specifies the order that the NAPTR records process. Low numbers process before high numbers.<\/li>\n
                                                • Preference<\/em> \u2014 A 16-bit unsigned integer. This value sets the order in which two or more records with identical Order<\/em> values process. Low numbers process before high numbers.<\/li>\n
                                                • Flags<\/em> \u2014 A flag that controls how NAPTR uses the query output. You can use one of the following flags: S<\/code>, A<\/code>, U<\/code>, or P<\/code>.<\/li>\n
                                                • Service<\/em> \u2014 A string that specifies the protocol and service available on the rewrite path.<\/li>\n
                                                • Regexp<\/em> \u2014 A string that contains the regex expression to find the next domain lookup.<\/li>\n
                                                • Replacement<\/em> \u2014 The next fully-qualified domain name (FQDN) to query. This action depends on the Flags<\/em> field.<\/li>\n<\/ul>\n
                                                  NS<\/h5>\n

                                                  Name Server Record \u2014 This record delegates a DNS zone to use the specified authoritative name server. This must be a fully-qualified domain name (FQDN).<\/p>\n

                                                  PTR<\/h5>\n

                                                  PTR Resource Record \u2014 This record provides a pointer to a canonical name. Unlike the CNAME record, DNS processing stops and only<\/strong> returns the name. This is most commonly used to implement reverse DNS lookups.<\/p>\n

                                                  RP<\/h5>\n

                                                  Responsible Person \u2014 This record provides information about the person responsible for the domain. You can set the following values:<\/p>\n

                                                    \n
                                                  • Mbox-dname<\/em> \u2014 The responsible person\u2019s email address (for example, username@example.com<\/code>).<\/li>\n
                                                  • Txt-dname<\/em> \u2014 A related hostname or domain name for which TXT records exist. This entry must<\/strong> end in a period (.<\/code>).<\/li>\n<\/ul>\n
                                                    SOA<\/h5>\n

                                                    Start of Authority Record \u2014 This record specifies the authoritative information about a DNS zone. This includes the following information:<\/p>\n

                                                      \n
                                                    • Primary name server.<\/li>\n
                                                    • The domain administrator\u2019s email.<\/li>\n
                                                    • The domain\u2019s serial number.<\/li>\n
                                                    • Other information related to refreshing the zone.<\/li>\n<\/ul>\n
                                                      \n
                                                      Important:<\/div>\n
                                                      \n

                                                      You cannot<\/strong> add or delete an SOA record. You can only edit it.<\/p>\n<\/p><\/div>\n<\/div>\n

                                                      This record contains the following values:<\/p>\n

                                                        \n
                                                      • Serial<\/em> \u2014 The version number of the original copy of the zone. Zone transfers will preserve this value.\n
                                                        \n
                                                        Note:<\/div>\n
                                                        \n

                                                        You cannot<\/strong> edit this value. This value increments by one every time you alter a domain\u2019s DNS record.<\/p>\n<\/p><\/div>\n<\/div>\n<\/li>\n

                                                      • Mname<\/em> \u2014 The name server that provides the data for a zone.<\/li>\n
                                                      • Retry<\/em> \u2014 The time interval, in seconds, before the zone tries to refresh again after a failure.<\/li>\n
                                                      • Refresh<\/em> \u2014 The time interval, in seconds, before the zone refreshes.<\/li>\n
                                                      • Expire<\/em> \u2014 The time interval, in seconds, that specifies the time before a zone is no longer authoritative.<\/li>\n
                                                      • Rname<\/em> \u2014 The responsible person\u2019s email address (for example, username@example.com<\/code>).<\/li>\n<\/ul>\n
                                                        SRV<\/h5>\n

                                                        Service Record \u2014 This record provides data about available services on specific ports on your server. You can set the following values:<\/p>\n

                                                          \n
                                                        • Priority<\/em> \u2014 The service record\u2019s priority value. A lower value indicates a higher priority level. A value of 0<\/code> indicates the highest priority level.<\/li>\n
                                                        • Weight<\/em> \u2014 This value ranks entries that share the same Priority<\/em> value. For example, a record with a 0<\/code> priority level and an 8<\/code> weight value will rank lower than a record with a 0<\/code> priority level and 4<\/code> weight value.<\/li>\n
                                                        • Port<\/em> \u2014 The service\u2019s target port number.<\/li>\n
                                                        • Target<\/em> \u2014 The service\u2019s target hostname.<\/li>\n<\/ul>\n
                                                          TXT<\/h5>\n

                                                          Text Record \u2014 This record contains text data for various services to read. For example, TXT records can specify data for SPF, DKIM, or DMARC email authentication. You can use WHM\u2019s Email Deliverability<\/em> interface (WHM >> Home >> Email >> Email Deliverability<\/em>) to manage your server\u2019s SPF and DKIM records.<\/p>\n

                                                          \n
                                                          Important:<\/div>\n
                                                          \n

                                                          The Record<\/em> text box will accept invalid data. Make certain<\/strong> you enter the correct record information.<\/p>\n<\/p><\/div>\n<\/div>\n

                                                          Delete a DNS zone record<\/h4>\n

                                                          To delete a DNS zone record, perform the following steps:<\/p>\n

                                                            \n
                                                          1. Click Manage<\/em> for the domain that you want to modify. A new interface will appear.<\/li>\n
                                                          2. Click Delete<\/em> next to the record that you want to remove.<\/li>\n
                                                          3. Click Continue<\/em> to delete the record, or click Cancel<\/em>.<\/li>\n<\/ol>\n

                                                            Reset DNS zone files<\/h4>\n
                                                            \n
                                                            Important:<\/div>\n
                                                            \n

                                                            When you reset a zone file, the system removes all<\/strong> custom zone records. Make certain that you save any records you wish to keep before<\/strong> you perform this action.<\/p>\n<\/p><\/div>\n<\/div>\n

                                                            To reset a domain\u2019s DNS zone file, perform the following steps:<\/p>\n

                                                              \n
                                                            1. Click Manage<\/em> for the domain that you want to modify. A new interface will appear.<\/li>\n
                                                            2. In this interface, click Actions<\/em> above the zone record table.<\/li>\n
                                                            3. Select Reset DNS Zone<\/em> from the menu. A confirmation window will appear.<\/li>\n
                                                            4. Click Continue<\/em> to reset the domain\u2019s DNS zone file, or click Cancel<\/em>.<\/li>\n<\/ol>\n

                                                              View Raw DNS Zone File<\/h4>\n

                                                              To view the DNS zone file in raw format, perform the following steps:<\/p>\n

                                                                \n
                                                              1. Click Actions<\/em> above the zone record table.<\/li>\n
                                                              2. Select View Raw DNS Zone File<\/em> from the menu. A new interface will appear that displays the DNS zone file in its raw format.<\/li>\n
                                                              3. To copy the file, click Copy<\/em>, or click Return to Editor<\/em> to exit the Manage DNS Zone Records<\/em> interface.<\/li>\n<\/ol>\n

                                                                View DNSSEC Keys<\/h2>\n

                                                                This interface lets you manage a domain\u2019s DNSSEC keys. DNSSEC keys use digital signatures to strengthen DNS authentication. These digital signatures use public key cryptography to sign the DNS data. However, these digital signatures do not<\/strong> sign the DNS queries and responses.<\/p>\n

                                                                The interface displays the following information:<\/p>\n

                                                                  \n
                                                                • \"Expand \u2014 This setting will display the following details about a DNSSEC key:\n
                                                                    \n
                                                                  • Algorithm<\/em> \u2014 The DNSSEC key\u2019s algorithm.<\/li>\n
                                                                  • Status<\/em> \u2014 Whether the key is active or inactive.<\/li>\n
                                                                  • Deactivate<\/em> \u2014 Deactivate the DNSSEC key. If you click this setting, a confirmation window will appear.<\/li>\n
                                                                  • Delete<\/em> \u2014 Delete the DNSSEC key. If you click this setting, a confirmation window will appear.\n
                                                                    \n
                                                                    Important:<\/div>\n
                                                                    \n

                                                                    When you deactivate or delete a DNSSEC key, you must<\/strong> remove the Domain Server (DS) record at your domain registrar.<\/p>\n<\/p><\/div>\n<\/div>\n<\/li>\n

                                                                  • Public DNSKEY<\/em> \u2014 Display the public DNSKEY record. The Public DNSKEY<\/em> interface will appear.<\/li>\n<\/ul>\n<\/li>\n
                                                                  • Key Tag<\/em> \u2014 An integer value that identifies the domain\u2019s DNSSEC record.<\/li>\n
                                                                  • Key Type<\/em> \u2014 Whether the key configuration is Zone Signing Key (ZSK), Combined Signing Key (CSK), or Key Signing Key (KSK).<\/li>\n
                                                                  • Algorithm<\/em> \u2014 The algorithm type that constructs the digests.<\/li>\n
                                                                  • Created<\/em> \u2014 The key\u2019s creation date.<\/li>\n<\/ul>\n

                                                                    You can also perform the following actions for each DNSSEC key:<\/p>\n

                                                                      \n
                                                                    • View DS Records<\/em> \u2014 Display the domain\u2019s DS records. The DNSSEC Key Details interface will appear.<\/li>\n
                                                                    • Export<\/em> \u2014 Export the domain\u2019s DNSSEC key. The Export DNSSEC Key interface will appear.<\/li>\n<\/ul>\n

                                                                      Create Key<\/h3>\n

                                                                      This feature lets you create a new DNSSEC key. You can select whether to create a system-generated key, or create a customized DNSSEC key.<\/p>\n

                                                                      \n
                                                                      Important:<\/div>\n
                                                                      \n

                                                                      When you create a domain DNSSEC key, you must<\/strong> configure a DS record with your domain registrar.<\/p>\n<\/p><\/div>\n<\/div>\n

                                                                      Quick DNSSEC key creation<\/h4>\n

                                                                      To quickly create a DNSSEC key, perform the following steps:<\/p>\n

                                                                        \n
                                                                      1. Click Create Key<\/em>. A confirmation window will appear.<\/li>\n
                                                                      2. Click Create<\/em>. The DNSSEC Key Details<\/em> interface will appear with the keys\u2019 details.<\/li>\n<\/ol>\n

                                                                        Custom DNSSEC key creation<\/h4>\n

                                                                        To create a custom DNSSEC key with a stronger algorithm, perform the following steps:<\/p>\n

                                                                          \n
                                                                        1. Click Create<\/em>. A confirmation window will appear.<\/li>\n
                                                                        2. Click Customize<\/em>. The Create DNSSEC Keys<\/em> interface will appear.<\/li>\n
                                                                        3. In the Key Setup<\/em> section, select the desired DNSSEC key configuration:\n
                                                                            \n
                                                                          • Classic<\/em> \u2014 Create with a ZSK and a KSK keypair.<\/li>\n
                                                                          • Simple<\/em> \u2014 Create with a CSK, which the system will use as both the ZSK and KSK. This setting disables<\/strong> the RSA\/SHA-256 (Algorithm 8)<\/em> and RSA\/SHA-512 (Algorithm 10)<\/em> settings in the Algorithm<\/em> section.<\/li>\n<\/ul>\n<\/li>\n
                                                                          • In the Algorithm<\/em> section, select the desired algorithm:\n
                                                                              \n
                                                                            • RSA\/SHA-256 (Algorithm 8)<\/em><\/li>\n
                                                                            • RSA\/SHA-512 (Alroithm 10)<\/em><\/li>\n
                                                                            • ECDSA Curve P-256 with SHA-256 (Algorithm 13)<\/em><\/li>\n
                                                                            • ECDSA Curve P-384 with SHA-384 (Algorithm 14)<\/em><\/li>\n<\/ul>\n<\/li>\n
                                                                            • In the Status<\/em> section, select whether to activate the newly-generated key.<\/li>\n
                                                                            • Click Create Key<\/em>. An interface will appear with the new key\u2019s details.<\/li>\n
                                                                            • To enable DNSSEC for your domain, you must<\/strong> go to your domain registrar. Use the information provided in this interface to fill out their DNSSEC forms. For more information about some popular domain registrars, read the Domain registrar DS records section.<\/li>\n<\/ol>\n

                                                                              Import Key<\/h3>\n

                                                                              This feature lets you import a DNSSEC key. When you select this setting, the system directs you to the Import DNSSEC Key<\/em> interface. In this interface, you can perform the following steps:<\/p>\n

                                                                                \n
                                                                              1. In the Key Type<\/em> menu, select whether to import a key as a KSK or ZSK key.<\/li>\n
                                                                              2. Enter the DNSSEC key\u2019s details in the text box provided in the Key<\/em> section.<\/li>\n
                                                                              3. Click Import<\/em> to import the DNSSEC key. A confirmation interface will appear.<\/li>\n<\/ol>\n

                                                                                Export<\/h3>\n

                                                                                This feature provides the information you need to export a DNSSEC key. When you select this setting, the system directs you to the Export DNSSEC Key interface. This interface displays the following details about a domain\u2019s DNSSEC key:<\/p>\n

                                                                                  \n
                                                                                • Domain<\/em> \u2014 The domain in the DNS record.<\/li>\n
                                                                                • Key Tag<\/em> \u2014 An integer value that identifies the domain\u2019s DNSSEC record.<\/li>\n
                                                                                • Key Type<\/em> \u2014 Whether the key is ZSK, CSK, or KSK.<\/li>\n
                                                                                • Key<\/em> \u2014 The DNSSEC key. Click Copy<\/em> to copy the key to your computer\u2019s clipboard.<\/li>\n<\/ul>\n

                                                                                  Public DNSKEY<\/h3>\n

                                                                                  This feature allows you to view a public DNSKEY record\u2019s details. When you select this setting, the system directs you to the Public DNSKEY<\/em> interface. This interface displays the following information:<\/p>\n

                                                                                    \n
                                                                                  • Domain<\/em> \u2014 The domain in the DNS record.<\/li>\n
                                                                                  • Public DNSKEY<\/em> \u2014 The public DNSKEY record.<\/li>\n<\/ul>\n

                                                                                    View DS Records<\/h3>\n

                                                                                    This feature allows you to view a DNSSEC key\u2019s details. When you select this setting, the system directs you to the DNSSEC Key Details<\/em> interface. This interface displays the following information:<\/p>\n

                                                                                      \n
                                                                                    • Domain<\/em> \u2014 The domain in the DNS record.<\/li>\n
                                                                                    • Key Tag<\/em> \u2014 An integer value that identifies the domain\u2019s DNSSEC record.<\/li>\n
                                                                                    • Algorithm<\/em> \u2014 The algorithm type that constructs the digests.<\/li>\n
                                                                                    • Created<\/em> \u2014 The key\u2019s creation date.<\/li>\n
                                                                                    • Digests<\/em> \u2014 The alphanumeric strings the algorithm generates.<\/li>\n<\/ul>\n

                                                                                      To add a DS Record to the domain\u2019s registrar, perform the following steps:<\/p>\n

                                                                                        \n
                                                                                      1. Determine the digest type that your registrar uses.<\/li>\n
                                                                                      2. Click Copy<\/em> for the appropriate digest record.<\/li>\n
                                                                                      3. Visit your registrar\u2019s website and add the information that they request for your domain. For more information about some popular domain registrars, read the Domain registrar DS records section.<\/li>\n<\/ol>\n

                                                                                        Domain registrar DS records<\/h3>\n

                                                                                        Any time you create, modify, or remove a domain\u2019s DNSSEC key, you must<\/strong> configure a Delegation Signer (DS) record with your domain registrar. The following are some of the most popular domain registrars. Visit their website to read their DNSSEC management documentation.<\/p>\n

                                                                                          \n
                                                                                        • GoDaddy<\/li>\n
                                                                                        • Namecheap<\/li>\n
                                                                                        • OpenSRS<\/li>\n<\/ul><\/div>\n","protected":false},"excerpt":{"rendered":"

                                                                                          Valid for versions 98 through the latest version Version: 86 88 92 96 98 Overview This feature allows you to edit the records in a domain\u2019s DNS (Domain Name System) zone file. DNS converts human-readable domain names (for example, example.com) to computer-readable IP addresses (for example, 192.0.0.1). To perform this function, DNS relies on zone …<\/p>\n","protected":false},"author":1,"featured_media":943,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts\/942"}],"collection":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/comments?post=942"}],"version-history":[{"count":0,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts\/942\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/media\/943"}],"wp:attachment":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/media?parent=942"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/categories?post=942"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/tags?post=942"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}