Follow-up of 2025 topic: Managed DNS Hosting - deSEC Community
Hi All,
I recently registered a `.top` domain at OVH, and have migrated my DNS to deSEC.
The last thing I’m missing is the DNSSEC config.
I ran the DNSSEC analyzer tool https://dnssec-analyzer.verisignlabs.com/.
The only red mark is `No DS records found for mydomain.top in the top zone`.
This indicates I have to manually fill in the DS Record at OVH.
Current issue: DNSSEC algo mismatch
On the one hand, OVH proposes to register the `DS Record` using the algorithm `5 - RSASHA1` (only one option).
In the other hand, deSEC offers DS + DNSKEY Format with Algorithm `13 - ECDSAP256-SHA256`.
I tried; at the time of writing, OVH won’t accept deSEC provided key/tag/flag.
How to solve this situation?
- Can deSEC provide a DS Format using algo 5 ? (less robust then algo 13 I assume)
- Should I write to OVH to accept a DS record with algo 13? (stakes are low I think)
I’ve hear OVH is slow to adopt new standard. What middle ground do we have here?
How do other people using OVH as registrar do do have a valid DNSSEC config?
—
Here is a screenshot of the OVH add `DS Record` popup (it received comments in the past):
Thanks
~lila