The DNSSEC feature just showed up for me after today’s update. I don’t see anything in the wiki about it and looking at http://www.dnssec.net/ doesn’t really tell me the impact on my existing sites if I start putting it in, etc.
Can I just generate any key I’d like there? If so, are there any recommendations for best compatibility, and how I could go about testing the installation afterwards (preferably via an external service)
Unfortunately, at the current time DNSSEC isn’t really very useful in practice. The reason is that the root zone has not yet been signed, so there is no way for DNS clients to follow a path of trust to ensure that your zones are properly signed.
Once this happens (which is really a political issue), and once registrars start accepting DNSSEC public keys, I will publish Virtualmin docs explaining how to use DNSSEC.
I just started using DNSSEC last week with a new install of Virtualmin. You enable it in Virtualmin and add the corresponding “key tag” and “digest” in the registrar’s control panel for the corresponding domain.