I registered my domain (aphome.be) a couple of days ago and set everything in motion to activate DNSSEC. I don’t have the possibility to add DS or DNSKEY records myself but my registrar, who is really helpful btw, let me know they could not configure the DNSKEY. They ran into an error (see screenshot below).
Thanks for your message, and welcome to deSEC! Sorry for the late response.
The error message says “wrong key tag”. The key tag is redundant information (it can be computed from the other key fields), and it is normally not used when entering a DNSKEY. (It is mainly used in DS records.)
The key tag for your key is 6630, so please tell your provider to try this value. (This is also the value that should appear in the first field of your DS records in our web interface, so take a look there to verify.)
The 257 value actually belongs into the “flags” field, and KSK means the same as 257.