Ascio Web Service v3

DNSSEC - Domain Name System Security Extensions

DnsSecKey

This short document gives you an overview of what you need to do to create a DNSSEC Handle and the small steps involved. If your DNS provider offers DNSSEC, they should have made the relevant data visible to you; if not, you can create the data manually, provided you have a basic understanding of the ISC BIND tools and DNS. With Ascio you can create DNSSEC Handles in 3 different ways:

In most cases, only the Digest needs to be published in ASCIO DB.

DNS Query by hand and create the digest

To get the key via a DNS query, run dig DNSKEY getlost.ch; you will get something like:

getlost.ch. 21600 IN DNSKEY 257 3 7 AwEAAZI6QOGu1ufPahKerQzTp+wWQ96Qh5hKXIMOTNVF1D+rsbMBau4f zUmz+Lh/E8r9FSC3/X71p4HDCFPwT9OFp2J2eSPUBclZmwYfLRs1J4aA oWgCr5HI5G5MV6X/GGAB8U0gBrlwRZPAyELEIINbnEHblMIrIpUQkVH9 rOiwN81fDtrnjr2QrMpMz8rRBoj8TBKr9yXAT49RrJeAfLL0SgU=

From there, modify the file so that it looks like this:

getlost.ch. 21600 IN DNSKEY 257 3 7 ( AwEAAZI6QOGu1ufPahKerQzTp+wWQ96Qh5hKXIMOTNVF1D+rsbMBau4f zUmz+Lh/E8r9FSC3/X71p4HDCFPwT9OFp2J2eSPUBclZmwYfLRs1J4aA oWgCr5HI5G5MV6X/GGAB8U0gBrlwRZPAyELEIINbnEHblMIrIpUQkVH9 rOiwN81fDtrnjr2QrMpMz8rRBoj8TBKr9yXAT49RrJeAfLL0SgU= ) ; key id = 54951

Once you have created the key file, or if you are working on the DNS server itself, you can use the BIND tools to do the following:
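As an added example (not Ascio's or BIND's own code), this Python script computes the KeyTag and the SHA-256 Digest for a DNSKEY record as defined in RFC 4034 and RFC 4509, so the values can be cross-checked against what your DNS provider or the BIND tools report before they are submitted. The record is this page's getlost.ch key written in standard zone-file form; the function names are this example's own.

```python
import base64
import hashlib
import struct

# DS digest type numbers (IANA): 1 = SHA-1, 2 = SHA-256
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}

def parse_dnskey(line):
    """Parse one DNSKEY line in zone-file form into (owner, RDATA bytes)."""
    line = line.split(";", 1)[0].replace("(", " ").replace(")", " ")
    fields = line.split()
    i = fields.index("DNSKEY")
    flags, protocol, algorithm = (int(x) for x in fields[i + 1:i + 4])
    key = base64.b64decode("".join(fields[i + 4:]), validate=True)
    return fields[0], struct.pack("!HBB", flags, protocol, algorithm) + key

def name_to_wire(name):
    """Canonical wire form of an owner name: lowercase, length-prefixed labels."""
    labels = [lab for lab in name.lower().rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B: 16-bit folded sum over the RDATA."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_digest(owner, rdata, digest_type=2):
    """DS digest: hash of (owner wire name + DNSKEY RDATA), as upper-case hex."""
    return DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest().upper()

# The DNSKEY record shown on this page for getlost.ch
RECORD = (
    "getlost.ch. 21600 IN DNSKEY 257 3 7 ( "
    "AwEAAZI6QOGu1ufPahKerQzTp+wWQ96Qh5hKXIMOTNVF1D+rsbMBau4f "
    "zUmz+Lh/E8r9FSC3/X71p4HDCFPwT9OFp2J2eSPUBclZmwYfLRs1J4aA "
    "oWgCr5HI5G5MV6X/GGAB8U0gBrlwRZPAyELEIINbnEHblMIrIpUQkVH9 "
    "rOiwN81fDtrnjr2QrMpMz8rRBoj8TBKr9yXAT49RrJeAfLL0SgU= "
    ") ; key id = 54951"
)

if __name__ == "__main__":
    owner, rdata = parse_dnskey(RECORD)
    print("KeyTag    :", key_tag(rdata))
    print("DigestType: 2 (SHA-256)")
    print("Digest    :", ds_digest(owner, rdata))
```

A Digest or KeyTag that does not match the key your nameservers actually serve makes validating resolvers reject the zone, so compare the computed values with the live DNSKEY before every update.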

Usage

Please use the numbers in brackets for the DigestAlgorithm, DigestType, KeyAlgorithm and KeyType. Please use the nameserver update order-type to update the DnsSec.

The following TLDs support DNSSEC:

as, at, be, co.at, ch, de, nu, co.nz, net.nz, com.sg, co.uk, biz, no, pl, org.nz, per.sg, se, com.pt, nl, eu, com, net, org, ee, ni, net.sg, org.sg, sg, com.ee, edu.pt, edu.sg, int.sg, nz, uy, med.ee, fie.ee, org.ee, pri.ee, ac.nz, mobi, xn--55qx5d, ar.com, xxx, xn--io0a7i, dental, camera, clothing, lighting, ski, bio, immo, archi, singles, ventures, investments, associates, xn--czrs0t, energy, trading, voyage, guru, holdings, equipment, bike, estate, xn--ngbc5azd, contractors, land, plumbing, gallery, graphics, technology, guide, construction, directory, enterprises, kitchen, tips, today, photography, diamonds, careers, shoes, coffee, domains, limo, photos, recipes, viajes, cab, computer, codes, email, academy, accountants, agency, bargains, boutique, builders, business, camp, capital, cards, care, cash, catering, center, cheap, claims, cleaning, clinic, community, company, condos, cool, credit, creditcard, cruises, dating, digital, education, engineering, events, exchange, exposed, fail, fan, farm, finance, financial, fitness, flights, florist, foundation, fund, games, glass, gripe, haus, healthcare, holiday, hospital, house, industries, institute, insure, international, lease, maison, management, medical, network, partners, parts, pets, pictures, productions, properties, reisen, rentals, repair, report, schule, services, solar, solutions, sports, supplies, supply, support, surgery, systems, tax, tienda, tools, tours, town, toys, training, university, vacations, villas, vin, vision, watch, works, wtf, zone, xn--unup4y, xn--vhquv, apartments, coach, coupons, direct, discount, expert, express, fish, forsale, gold, jewelry, marketing, media, plus, rent, theater, tires, abogado, abudhabi, accountant, actor, adult, africa, airforce, alsace, amsterdam, architect, army, attorney, bank, bar, beer, berlin, bid, black, blackfriday, blue, brussels, build, buzz, bzh, cam, capetown, car, career, casa, christmas, click, college, cologne, consulting, cooking, corsica, country, 
creditunion, cymru, dance, date, dds, degree, democrat, dentist, desi, dot, download, durban, earth, engineer, eus, faith, fans, fishing, fit, frl, futbol, gal, game, gent, gift, gives, gop, green, guitars, hamburg, hiphop, hiv, horse, host, how, immobilien, ink, jetzt, joburg, kaufen, kim, kiwi, koeln, kyoto, lat, lgbt, link, loan, lol, london, lotto, ltda, luxe, luxury, market, melbourne, men, menu, miami, mls, moda, moe, mom, mortgage, moscow, nagoya, navy, ngo, ninja, nrw, nyc, okinawa, one, ong, onl, ooo, osaka, paris, party, photo, physio, pics, pink, porn, press, pub, qpon, quebec, red, rehab, reise, republican, rest, review, reviews, rich, rip, rocks, rodeo, ruhr, ryukyu, saarland, science, sex, sexy, shiksha, social, software, soy, space, sport, srl, stream, surf, swiss, sydney, taipei, tattoo, tirol, tokyo, top, trade, uno, vegas, versicherung, vet, vlaanderen, vodka, vote, voting, voto, wales, wang, webcam, website, whoswho, wien, wiki, win, work, xyz, yokohama, auction, audio, auto, baby, band, bingo, blog, cafe, cars, casino, charity, chat, church, city, cloud, cricket, deals, delivery, design, doctor, dog, family, fashion, film, flowers, football, furniture, fyi, garden, gifts, global, gmbh, golf, gratis, group, health, hockey, hosting, insurance, juegos, law, lawyer, legal, life, live, llc, loans, love, ltd, mba, memorial, money, movie, news, now, online, pizza, place, poker, property, racing, restaurant, run, sale, salon, sarl, school, shop, shopping, show, site, soccer, studio, style, sucks, taxi, team, tech, tennis, tickets, tube, video, wedding, wine, world, yoga, xn--fjq720a, xn--80adxhks, xn--80asehdb, xn--c1avg, xn--p1acf, xn--80aswg, xn--mgbab2bd, xn--4gbrim, xn--i1b6b1a6a2e, xn--q9jyb4c, xn--t60b56a, xn--mk1bu44c, xn--rhqv96g, xn--nyqy26a, xn--45q11c, xn--czru2d, xn--czr694b, xn--xhq521b, xn--6qq986b3xl, xn--nqv7f, xn--tqq33ed31aqia, xn--6frz82g, xn--ses554g, xn--hxt814e, xn--3bst00m, monash, ceo, xn--kcrx77d1x4a (.Philips), hermes, cba, 
philips, commbank, netbank, icu, sandvik, sandvikcoromant, walter, vista, webs, vistaprint, cern, scor, schmidt, cuisinella, sew, translations, boots, saxo, giving, barclays, barclaycard, alstom, premium, best, bydgoszcz.pl, olsztyn.pl, radom.pl, szczecin.pl, warszawa.pl, wroclaw.pl, limited, xn--kcrx77d1x4a, hk.com, hk.org, ltd.hk, inc.hk, com.se, xn--h2brj9c, irish, rio, abbott, active, afl, allfinanz, aquarelle, bloomberg, bond, canon, cartier, cbn, cfd, chloe, courses, crs, dabur, datsun, dclk, dev, doosan, dvag, epson, erni, eurovision, everbank, firmdale, flsmidth, forex, ggee, gmx, goldpoint, goo, goog, guge, hangout, ibm, ifm, infiniti, iwc, java, jcb, kddi, komatsu, lacaixa, latrobe, lds, leclerc, lidl, lotte, maif, mango, markets, marriott, mma, mormon, mtpc, nico, nissan, ntt, oracle, panerai, piaget, pohl, samsung, schwarz, shriram, sky, spreadbetting, study, temasek, toshiba, trust, wme, wtc, xin, xn--b4w605ferd, xn--flw351e, xn--qcka1pmc, yodobashi, zuerich, xn--45brj9c, xn--fpcrj9c3d, xn--gecrj9c, xn--mgbbh1a71e, xn--xkc2dl3a5ee0h, xn--s9brj9c, xn--p5b2bfp5fh3fra.xn--45brj9c, xn--hdc1b4ch5i.xn--gecrj9c, xn--d9b2bf3g1k.xn--s9brj9c, xn--vlccpku2dp3h.xn--xkc2dl3a5ee0h, xn--goc1b4ch5i8a.xn--fpcrj9c3d, xn--fhbed7t1n.xn--mgbbh1a71e, xn-p5b2bfp5fh3fra.xn-45brj9c, xn--9dbq2a, aig, amica, apple, beats, boehringer, bostik, cityeats, comsec, fairwinds, grainger, lifestyle, obi, sfr, sharp, travelers, vana, verisign, virgin, aarp, kfh, kpn, norton, redumbrella, symantec, travelersinsurance, trv, xn--ngbe9e0a, lier.no, mil.no, audi, baidu, bosch, bugatti, clinique, doha, firestone, lamborghini, lamer, meo, origins, rexroth, sapo, shell, statefarm, weber, xn--jlq61u9w7b, xn--kpu716f, xn--pbt977c, xn--vermgensberater-ctb, xn--vermgensberatung-pwb, vig, author, bot, call, circle, compare, edeka, fast, fox, gdn, got, jot, joy, like, makeup, pin, promo, read, room, safe, schaeffler, select, skin, smile, stockholm, tiffany, tushu, volkswagen, wanggou, watches, weather, 
weatherchannel, xn--eckvdtc9d, zero, alibaba, alipay, analytics, dealer, deloitte, ford, fresenius, frontier, gallup, jmp, lanxess, lincoln, nikon, pamperedchef, quest, sas, softbank, taobao, tmall, adac, avianca, chase, flickr, hdfcbank, helsinki, iselect, jpmorgan, lifeinsurance, natura, pwc, telecity, viking, yahoo, xn--e1a4c, ally, barefoot, flir, ftr, gallo, jnj, lipsy, metlife, next, nextdirect, sina, weibo, xn--9krt00a, xn--mgbca7dzdo, aetna, dtv, guardian, hkt, locker, mattel, mlb, nowtv, olayan, olayangroup, ollo, ott, pccw, progressive, richardli, sbi, statebank, warman, xn--fzys8d69uvgm, xn--mgba7c0bbn0a, xn--w4rs40l, chintai, dhl, epost, tdk, unicom, ups, xn--8y0a063a, gs.hm.no, bo.it, me.it, ra.it, tn.it, va.it, fe.it, treviso.it, is.it, co.cz, lt.it, sicilia.it, bg.it, bs.it, brescia.it, mi.it, ms.it, cosenza.it, novara.it, pv.it, ri.it, rm.it, padova.it, pd.it, roma.it, cl.it, rc.it, vv.it, modena.it, cam.it, fi.it, bz.it, torino.it, veneto.it, trentino.it, palermo.it, milano.it, ro.it, to.it, go.it, lazio.it, abruzzo.it, marche.it, sardegna.it, calabria.it, puglia.it, basilicata.it, campania.it, molise.it, umbria.it, toscana.it, emiliaromagna.it, friuliveneziagiulia.it, trentinoaltoadige.it, lombardia.it, liguria.it, piemonte.it, valledaosta.it, castelnuovo.tn.it., castelnuovo.tn.it

Property          Description
Handle            Example: "JD123"
Status
DigestAlgorithm   Example: "RSA-SHA256"
DigestType        Example: "SHA-256"
Digest            Example: "846E5ED4AB6788032B89393619752F662CF2B7B2046A8EC0804DF88F1469AC1E"
Protocol
KeyType
KeyAlgorithm
KeyTag            Example: "2224"
PublicKey
CreDate

<soapenv:Envelope xmlns:arr="http://schemas.microsoft.com/2003/10/Serialization/Arrays" xmlns:service="http://www.ascio.com/2013/02/AscioService" xmlns:v3="http://www.ascio.com/2013/02" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
    <soapenv:Header>
        <v3:SecurityHeaderDetails>
            <v3:Account>${#Project#Account}</v3:Account>
            <v3:Password>${#Project#Password}</v3:Password>
        </v3:SecurityHeaderDetails>
    </soapenv:Header>
    <soapenv:Body>
        <service:DnsSecKey>
            <v3:Handle>JD123</v3:Handle>
            <v3:Status>StatusTest</v3:Status>
            <v3:DigestAlgorithm>RSA-SHA256</v3:DigestAlgorithm>
            <v3:DigestType>SHA-256</v3:DigestType>
            <v3:Digest>846E5ED4AB6788032B89393619752F662CF2B7B2046A8EC0804DF88F1469AC1E</v3:Digest>
            <v3:Protocol>ProtocolTest</v3:Protocol>
            <v3:KeyType>KeyTypeTest</v3:KeyType>
            <v3:KeyAlgorithm>KeyAlgorithmTest</v3:KeyAlgorithm>
            <v3:KeyTag>2224</v3:KeyTag>
            <v3:PublicKey>PublicKeyTest</v3:PublicKey>
        </service:DnsSecKey>
    </soapenv:Body>
</soapenv:Envelope>
WSDL for AWS v3
https://aws.demo.ascio.com/v3/aws.wsdl (OTE)
https://aws.ascio.com/v3/aws.wsdl (Live)
Please configure the IP-Whitelisting in the portal/demo-portal.