It has taken me a while but i finally figured out how to configure DNSSEC when using a
eu.org domain with DNS managed by deSEC. Sharing this info here so others can find it, i didnt have any luck in my own research.
For those unaware, you can apply for a free domain at https://nic.eu.org (yes a real free domain, not subdomains etc). They are a non-profit organization that tries to keep the
.org TLD alive. In case you apply for a domain: I dont think you need to be a resident of the EU or anything, and expect some wait time. Some of my domains were granted after 1-2 days, some took 3 weeks.
eu.org domain to deSEC should be pretty straight forward, i wont get into the details for that (copy the two NS from deSEC interface into the
eu.org interface when applying for the domain, wait, done).
What is tricky is enabling DNSSEC with them. This is what the interface at
eu.org looks like for this:
And there is basically no documentation anywhere.
This is how it works: From your deSEC interface, click the little “i” information button at the right side of the domain list and you will see the provided nameservers and DS keys for that domain. (see screenshot below)
You need to copy both DS lines into the field at
BUT its not that simple.
You need to copy and submit each line seperately. Both together does not work.
And you need to change the format a little bit.
In this example, the first line
12804 13 2 7017ce99192...
dummy.eu.org. 86400 IN DS 12804 13 2 7017ce99192...
Paste that into the field and submit it. Then do the same for the second DS record line.
Thats all. You dont need to worry about the DNSKEY that is also provided by deSEC.
Now you wait for propagation and once thats done, you can check for DNSSEC status with good old dig like
dig +dnssec dummy.eu.org and in the header it should have the
ad flag. You can also use a online tool like https://dnssec-analyzer.verisignlabs.com
Now enjoy your free domain with free DNS with enabled DNSSEC
Shoutout and thanks to Peter@deSEC who helped me figuring this out late at night!