I have a .leg.br domain It’s a government dns domain, in this domain it is mandatory to use dnssec, but they told me I need to configure dnssec in my server to the domain works, main question is: How to enable dnssec on a vps hosting or via cpanel? How do I get DS.NAMESERVER.COM insted of NS.NAMESERVER.COM ?
Due to internal bureaucracy they did’t accepted the cloudeflare DNSSEC option because it need to be pointed without dnssec first to next enable dnssec The domain it’s already with dnssec enable but they don’t give me ownership of the domain they don’t even allow me to edit nameservers and things like that, what they told me is that I need to configure DNSSEC in my server and send them the Authoritative records. so this way they will put records in the domain that’s the question , How can I enable DNSSEC in my vps. or create a DNSSEC server in my vps?
2
Answers
If you must support DNSSEC, your best bet is to use a DNS hosting service that supports managed DNSSEC. Your VPS hosting service won’t be one of them, and cpanel does not support it either, I would expect.
Your choices right now (March 2017) are basically CloudFlare (if it has to be free, and if leg.br registry supports ECDSA DNSSEC keys), or Google Cloud DNS alpha support for DNSSEC. I believe that Verisign offers managed DNSSEC as well, but perhaps only if they are your registrar, and if so I doubt they are able to support .leg.br domains.
cPanel/WHM now supports DNSSEC since version 60 through a new module called PowerDNS.
Note: This feature does not currently work with DNS clustering.
Enable DNSSEC for a Server
To enable PowerDNS in WHM, you can find this information in the documentation at https://documentation.cpanel.net/display/CKB/How+to+Use+cPanel%27s+PowerDNS
Create a DNSSEC Record for a Domain
Since version 64? you can setup DNSSEC for a domain through cPanel (not WHM). You can find documentation here https://documentation.cpanel.net/display/ALD/Zone+Editor#ZoneEditor-DNSSEC
You must use the information cPanel provides you to setup the DS record with the domain registrar. It cannot be setup on the cPanel/WHM server.
I tested this on my own domain with a NetEarthOne account and it was extremely straight forward (thankfully)