DnsSecKey

Introduction

This short document gives an overview of what you need to do to create a DNSSEC Handle and the small steps involved. If your DNS provider offers DNSSEC, it should have made the relevant data visible to you; if not, you can create the data manually, provided you have a basic understanding of the ISC BIND tools and DNS. With Ascio you can create DNSSEC Handles in 3 different ways:

In most cases, only the Digest needs to be published in ASCIO DB.

DNS Query by hand and create the digest

To get the key via a DNS query, run dig DNSKEY getlost.ch; you would get something like:

getlost.ch.21600 IN25737INAwEAAZI6QOGu1ufPahKerQzTp+wWQ96Qh5hKXIMOTNVF1D+rsbMBau4f zUmz+Lh/E8r9FSC3/X71p4HDCFPwT9OFp2J2eSPUBclZmwYfLRs1J4aA oWgCr5HI5G5MV6X/GGAB8U0gBrlwRZPAyELEIINbnEHblMIrIpUQkVH9 rOiwN81fDtrnjr2QrMpMz8rRBoj8TBKr9yXAT49RrJeAfLL0SgU=

From there, modify the file so that it looks like the following:

getlost.ch.21600 IN25737IN(AwEAAZI6QOGu1ufPahKerQzTp+wWQ96Qh5hKXIMOTNVF1D+rsbMBau4f zUmz+Lh/E8r9FSC3/X71p4HDCFPwT9OFp2J2eSPUBclZmwYfLRs1J4aA oWgCr5HI5G5MV6X/GGAB8U0gBrlwRZPAyELEIINbnEHblMIrIpUQkVH9 rOiwN81fDtrnjr2QrMpMz8rRBoj8TBKr9yXAT49RrJeAfLL0SgU=); key id = 54951

After you have created the key file, or if you are on the DNS server, you can use the BIND tools to do the following:
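The calculation behind the Digest and KeyTag values (the DS digest and key tag defined in RFC 4034) can also be done directly, which is useful for checking a value before submitting it. The following is an added example, not Ascio's or ISC's code; the function names are hypothetical, the input is assumed to be a standard dig-style line containing the DNSKEY type token, and the sample record is constructed rather than a real key.

```python
import base64
import hashlib
import struct

DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}  # DigestType numbers from the table


def parse_dnskey(line):
    """Split 'owner TTL IN DNSKEY flags protocol algorithm base64...' (dig style)."""
    fields = line.split(";")[0].replace("(", " ").replace(")", " ").split()
    i = fields.index("DNSKEY")
    flags, protocol, algorithm = (int(x) for x in fields[i + 1:i + 4])
    if protocol != 3:
        raise ValueError("DNSKEY protocol field must be 3")
    # The base64 key may be split into several chunks; join before decoding.
    key = base64.b64decode("".join(fields[i + 4:]), validate=True)
    return fields[0], flags, algorithm, key


def owner_to_wire(owner):
    """Canonical wire form: lower-case labels, each length-prefixed, root last."""
    labels = [l.encode("ascii") for l in owner.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"


def key_tag(rdata):
    """Key tag checksum from RFC 4034 Appendix B."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def ds_fields(line, digest_type=2):
    """Return the DnsSecKey values derived from one DNSKEY line."""
    owner, flags, algorithm, key = parse_dnskey(line)
    rdata = struct.pack("!HBB", flags, 3, algorithm) + key
    digest = DIGESTS[digest_type](owner_to_wire(owner) + rdata).hexdigest().upper()
    return {"KeyType": flags, "KeyAlgorithm": algorithm, "KeyTag": key_tag(rdata),
            "DigestType": digest_type, "Digest": digest}


# Constructed sample record (not a real key): 4-byte public key 01 02 03 04.
SAMPLE = "Example.COM. 3600 IN DNSKEY 257 3 8 AQIDBA=="

if __name__ == "__main__":
    print(ds_fields(SAMPLE))
```

Compare the returned KeyTag with the "key id" comment in the key file; a mismatch means the record was altered or truncated while copying.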

Usage

Please use the numbers in brackets for the DigestAlgorithm, DigestType, KeyAlgorithm and KeyType. Please use the nameserver update order-type to update the DnsSec.

Property          Description
Handle            Example: "JD123"
Status
DigestAlgorithm   DSA-SHA1 (3), RSA-SHA1 (5), DSA-SHA1-NSEC3 (6), RSA-SHA1-NSEC3 (7), RSA-SHA256 (8), RSA-SHA512 (10), ECC-GOST (12), ECDSAP256-SHA256 (13)
                  Example: "RSA-SHA256"
DigestType        SHA-1 (1), SHA-256 (2)
                  Example: "SHA-256"
Digest            Example: "846E5ED4AB6788032B89393619752F662CF2B7B2046A8EC0804DF88F1469AC1E"
Protocol          3
KeyType           Zone Signing Key (256), Key Signing Key (257)
KeyAlgorithm      DSA-SHA1 (3), RSA-SHA1 (5), DSA-SHA1-NSEC3 (6), RSA-SHA1-NSEC3 (7), RSA-SHA256 (8), RSA-SHA512 (10), ECC-GOST (12), ECDSAP256-SHA256 (13)
KeyTag            Example: "2224"
PublicKey
CreDate

Used in Classes

<soapenv:Envelope xmlns:arr="http://schemas.microsoft.com/2003/10/Serialization/Arrays" xmlns:v3="http://www.ascio.com/2013/02" xmlns:v2="http://www.ascio.com/2007/01" xmlns:service="http://www.ascio.com/2013/02/AscioService" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Body>
        <v2:DnsSecKey>
            <v2:DigestAlgorithm>RSA-SHA256</v2:DigestAlgorithm>
            <v2:DigestType>SHA-256</v2:DigestType>
            <v2:Digest>846E5ED4AB6788032B89393619752F662CF2B7B2046A8EC0804DF88F1469AC1E</v2:Digest>
            <v2:KeyTag>2224</v2:KeyTag>
        </v2:DnsSecKey>
    </soapenv:Body>
</soapenv:Envelope>
WSDL for AWS v2
https://aws.demo.ascio.com/2012/01/01/AscioService.wsdl (OTE)
https://aws.ascio.com/2012/01/01/AscioService.wsdl (Live)