2

I am looking for the DNSSEC values (Key tag, Algorithm, Digest Type, and Digest) in Google Cloud DNS so that I can create a DS record for my domain in Google Domains.

Serhii Rohoza
  • 4,287
  • 2
  • 16
  • 29
Mikep
  • 21
  • 1
  • 1
    Who is hosting your DNS servers? For Google Cloud DNS, go to your domain. In the top right click "REGISTRAR SETUP". This will generate the values you need. If you are using different DNS servers, edit your question with details. – John Hanley Sep 28 '20 at 01:34
  • I was using Google Domains then just switched to Cloudflare. – Mikep Sep 29 '20 at 16:04
  • The CLI can generate the DS record for Google Domains `gcloud dns dns-keys describe 0 --zone --format "value(ds_record())"` The KSK is usually ID 0. You can list DNSKEYs `gcloud dns dns-keys list --zone – John Hanley Mar 06 '21 at 22:26

2 Answers2

3

I assume that you're following Google Domains documentation Set up DNSSEC security and want to configure Google Cloud DNS as your custom name servers.

At first, follow the instruction Managing DNSSEC Configuration to enable DNSSEC. Then, follow the documentation DNSSEC and registrars and activate DNSSEC at registrar side (Google Domains in your case).

After enabling DNSSEC for your zone, you must activate DNSSEC at your registrar. You do this by creating a DS record for your domain in the parent zone, so that resolvers know your domain is DNSSEC-enabled and can validate its data.

You can find required values at REGISTRAR SETUP menu in the top right corner:

registrar setup which shows you: ds values

In addition, have a look at the community tutorial Activating DNSSEC for Cloud DNS domains:

This tutorial is for DNS domain administrators using Google Cloud DNS who have enabled DNSSEC on the managed zones for their domains. It shows how to activate DNSSEC validation for those domains by adding DS records through their domain registrars. The specifics depend on the domain registrar, and this does not give detailed instructions for all domain registrars. It does have basic instructions and links for the most popular registrars and many others that support DNSSEC.

This tutorial also has instructions for de-activating DNSSEC by removing DS records. This is an essential step you must perform before disabling DNSSEC for Google Cloud DNS.

Serhii Rohoza
  • 4,287
  • 2
  • 16
  • 29
1

Using Google Cloud Platform, you can check these settings on Network Service > Cloud DNS > Click your zone or create a new one with DNSSEC turned On > Click Registrar Setup > Click MORE DNSSEC SETTINGS.

For more information about the topic, you can check this official GCP Documentation. [DNSSEC] 1

Alex G
  • 1,179
  • 3
  • 15