How to use DNSSEC in BIND?

The DNSSEC feature just showed up for me after today’s update. I don’t see anything in the wiki about it and looking at doesn’t really tell me the impact on my existing sites if I start putting it in, etc.

Can I just generate any key I’d like there? If so, are there any recommendations for best compatibility, and how I could go about testing the installation afterwards (preferably via an external service)


Unfortunately, at the current time DNSSEC isn’t really very useful in practice. The reason is that the root zone has not yet been signed, so there is no way for DNS clients to follow a path of trust to ensure that your zones are properly signed.

Once this happens (which is really a political issue), and once registrars start accepting DNSSEC public keys, I will publish Virtualmin docs explaining how to use DNSSEC.

Now that the root zone is signed, is there any new information on this issue?

I searched for documentation first, I promise.


I would like to resurrect this thread

I just started using DNSSEC last week with a new install of Virtualmin. You enable it in Virtualmin and add the corresponding “key tag” and “digest” in the registrar’s control panel for the corresponding domain.