articles/dns/dnssec-how-to.md
Lines changed: 8 additions & 4 deletions
@@ -46,7 +46,7 @@ To sign your zone with DNSSEC using the Azure portal:
46
46
47
47
6. Copy the delegation information and use it to create a DS record in the parent zone.
48
48
49
-
1. If the parent zone is a top level domain (for example: `.com`) or you don't own the parent zone, you must add the DS record at your registrar. Each registrar has its own process. The registrar might ask for values such as the Key Tag, Algorithm, Digest Type, and Key Digest. In the example shown here, these values are:
49
+
1. If the parent zone is a top level domain (for example: `.com`), you must add the DS record at your registrar. Each registrar has its own process. The registrar might ask for values such as the Key Tag, Algorithm, Digest Type, and Key Digest. In the example shown here, these values are:
50
50
51
51
**Key Tag**: 4535<br>
52
52
**Algorithm**: 13<br>
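Review bot: In sub-step 1, dropping "or you don't own the parent zone" leaves this step covering only TLD parents, so a reader whose parent is a non-TLD zone they don't own gets no direction until the new sub-step 3 that follows the screenshots. Consider a short pointer here to that sub-step, or place the two cases next to each other. While the line is being touched, "top level domain" should be hyphenated as "top-level domain".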
@@ -60,6 +60,8 @@ To sign your zone with DNSSEC using the Azure portal:
60
60
[](./media/dnssec-how-to/ds-add.png#lightbox)
61
61
[](./media/dnssec-how-to/ds-added.png#lightbox)
62
62
63
+
3. If you don't own the parent zone, send the DS record to the owner of the parent zone with instructions to add it into their zone.
64
+
63
65
7. When the DS record has been uploaded to the parent zone, select the DNSSEC information page for your zone and verify that **Signed and delegation established** is displayed. Your DNS zone is now fully DNSSEC signed.
64
66
65
67
[](./media/dnssec-how-to/delegated.png#lightbox)
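Review bot: New sub-step 3 says to send "the DS record" without naming what the parent zone owner needs; list the same four values sub-step 1 gives (Key Tag, Algorithm, Digest Type, Key Digest). Since the DS record is what the parent zone signs to vouch for this zone's key, it would help to add that the parent owner should check the values against the zone's published DNSKEY rather than rely on the message alone. Minor wording: "add it into their zone" reads better as "add it to their zone".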
@@ -118,14 +120,16 @@ In these examples, the DS values are:
3. If the parent zone is a top level domain (for example: `.com`) or you don't own the parent zone, you must add the DS record at your registrar. Each registrar has its own process.
123
+
3. If the parent zone is a top level domain (for example: `.com`), you must add the DS record at your registrar. Each registrar has its own process.
122
124
123
125
4. If you own the parent zone, you can add a DS record directly to the parent yourself. The following example shows how to add a DS record to the DNS zone **adatum.com** for the child zone **secure.adatum.com** when both zones are signed and hosted using Azure Public DNS:
124
126
125
127
```azurepowershell-interactive
126
128
az network dns record-set ds add-record --resource-group "your-resource-group" --zone-name "adatum.com" --record-set-name "secure" --key-tag <key-tag> --algorithm <algorithm> --digest <digest> --digest-type <digest-type>
127
129
```
128
130
131
+
5. If you don't own the parent zone, send the DS record to the owner of the parent zone with instructions to add it into their zone.
132
+
129
133
## [PowerShell](#tab/sign-powershell)
130
134
131
135
1. Sign and verify your zone using PowerShell:
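Review bot: New step 5 repeats the portal wording without saying what to send; step 4 just above already uses <key-tag>, <algorithm>, <digest> and <digest-type>, so state that those four values are what goes to the parent zone owner. Separately, the fence in the step 4 context is tagged azurepowershell-interactive but holds an "az network dns record-set ds add-record" command, which is Azure CLI; the tag is worth correcting in the same change.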
@@ -164,15 +168,15 @@ In these examples, the DS values are:
3. If the parent zone is a top level domain (for example: `.com`) or you don't own the parent zone, you must add the DS record at your registrar. Each registrar has its own process.
171
+
3. If the parent zone is a top level domain (for example: `.com`), you must add the DS record at your registrar. Each registrar has its own process.
168
172
169
173
4. If you own the parent zone, you can add a DS record directly to the parent yourself. The following example shows how to add a DS record to the DNS zone **adatum.com** for the child zone **secure.adatum.com** when both zones are signed and hosted using Azure Public DNS. Replace \<key-tag\>, \<algorithm\>, \<digest\>, and \<digest-type\> with the appropriate values from the DS record you queried previously.
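Review bot: Step 3 here loses "or you don't own the parent zone", but the visible lines of this hunk add no step for that case, and the header (-164,15 +168,15) shows no net growth, unlike the previous hunk, which gains step 5. Confirm this section gets the same "If you don't own the parent zone, send the DS record to the owner of the parent zone" step after step 4; otherwise that case is left undocumented here.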