I am using VPS and ISPConfig, while the domain is on Cloudflare nameservers.
Currently my .hr (croatia) TLD registry does not have an DS field when I manage my domain with their interface, so my only option is to generate through ISPConfig and add the DS/DNSKEY directly to the Cloudflare DNS interface.
example.com verifies DNSSEC with a public key encrypted with RSASHA1-NSEC3-SHA1.
dig A example.com. @localhost +noadditional +dnssec +multiline
I got all the needed recorcds.
/etc/bind/named.conf.local - I see the example.com signed
/etc/bind/named.conf.options - I have the dnssec-enable yes; dnssec-validation yes; dnssec-lookaside auto;
Now I have to wait for some time to pass to “flush” the DS key record on the TLD (.hr - Croatia), right?
If your registrar doesn’t support DNSSEC, then you can’t add DNSSEC to your domain. DS records have to be added to the parent, and for you, that would be .hr
So, it means I have to send a complain to the ICANN because .hr domain registry cannot accept and has no option on the domain management/administration for the DNSSEC?
Which means, the parameters given from Cloudflare cannot be added and DNSSEC cannot be activated?
But why they tell us DNSSEC over .hr domain TLD is possible, while it is not? Either they held few workshops regarding the DNSSEC.
> Ako ste korisnik .hr domene potrebno je u administraciji domene (samostalno ili preko ovlaštenog registrara) upisati DS zapise (engl. delegation signer) i na taj način omogućiti korištenje DNSSEC-a. DS zapise korisniku domene osigurava pružatelj hosting usluge kod koga su udomljene web stranice.
> If you are a .hr domain holder it is necessary to enter DS ( delegation signer ) records in the domain administration, individually or through an authorized Registrar and thus allow the use of DNSSEC. DS records are provided to the domain holder by hosting services.
Can someone write me and any help how can I write back to them to make it possible over their DNS interface to add the needed and support that feature?