Adding DS Records to Domains


#1

So I’ve decided to move forward with adding DNSSEC support to all of my domains, however it looks like Dreamhost’s DNS panel doesn’t allow for the creation of DS records. Is filing a support ticket really the only way to do this? It doesn’t seem ideal.

I have around a dozen domains to update, should I request these as a batch or with individual tickets?

Either way, I definitely think that Dreamhost needs to add the ability to set DS records; having to go through support if I need to change anything isn’t exactly an ideal way to manage this. I realise you don’t currently support DNSSEC directly (unless I’ve missed it somewhere?) but with Cloudflare making this easy it seems a no-brainer to add.


#2

I looked at the documentation for DNSSEC at DreamHost and it looks like at the moment DNSSEC is supported only at the registrar level. If the domains use DreamHost DNS servers then you can’t use DNSSEC. Although I know there are plans to change that, I don’t have a date for when this will happen unfortunately.


#3

What would be the difficulty in supporting it? We can already add different DNS record types from the panel, and if I use CloudFlare it generates the DS record for me, so all I should need to do is enter it surely?

Obviously Dreamhost supporting automatic creation of the records and handling of the public/private key would be ideal, but for a CloudFlare proxied domain all I need is to set the DS record I think, so that’s the only support that customers using CloudFlare would require for now.


#4

I don’t know enough to give you a 100% reliable answer but I suspect it has to do with DNSSEC being not as trivial as it looks.

Your request reminded me of an article arguing against DNSSEC https://sockpuppet.org/blog/2015/01/15/against-dnssec/ (and there is a counter-argument, in favor of it https://www.easydns.com/blog/2015/08/06/for-dnssec/)


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.