1

I've got a nice small VPS from OVH and two domain names (let's call them first.com and second.com). As OVH does not support DNSSEC and CAA records, I was informed that I can set up my own DNS server to provide those records for first.com by directing second.com to the DNS server (am I right so far?).

Now, I've followed this guide and basically the zone file is all fine and dandy, but the issue is: how would I let OVH know that I wish to use that name server, and what data (keys) exactly do I have to provide to the registrar to make DNSSEC work properly?

Sorry for the silly question and please let me know if something is unclear.

Avamander
  • DNSSEC is not simple, for at least two reasons: you need cooperation with your parent zone (providing it DS records), and you need ongoing maintenance with key and signature rotations. I would advise first doing "simple" DNS so that you get a feel for it, and only later on adding DNSSEC. – Patrick Mevzek May 02 '17 at 07:58

2 Answers

3

At your registrar, change the nameservers for the domain to point to the DNS server that you've set up. You'll want to list the name of it, not the IP address.

TomOnTime
  • I don't have that option in the registrar's web UI. Pretty sure OVH delegates that domain now. – Avamander May 01 '17 at 18:13
  • Delegates? Do you have a subdomain under their domains? DNSSEC must be on the full chain. Please clarify verbiage and/or provide real info. – Jacob Evans May 01 '17 at 18:24
  • I'm sorry for the mistake. No, it's a totally independent domain. – Avamander May 02 '17 at 21:17
  • At the moment the domain points to OVH's name servers, but the registrar is different. Will see if I can turn the domain back to the registrar's name servers. – Avamander May 02 '17 at 22:01
1

You would not talk to OVH about this, you would talk to your registrar (where you bought your domain from). Unless OVH is your registrar, in which case you had better hope that they have the option to modify your NS records (looks like you can).

Once you have logged into your registrar, you would update your Name Server records away from ovh.com and to your BIND server.

Make sure that you have records on your BIND server so that things continue to work after the switch, obviously :)

Mark Henderson
  • That's the bad thing: the registrar does not have the "change name server" option, and OVH does not let me enter name servers in text mode; the editor forces me to specify a subdomain. – Avamander May 02 '17 at 21:19
  • I'll see if I can get that option back, I think it's a glitch in their web UI. – Avamander May 02 '17 at 22:00
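
The DS record mentioned in the comment on the question is derived from the zone's DNSKEY, and it is the piece of DNSSEC data that ends up in the parent zone. The following is an added example, not code from any poster in this thread, that derives a SHA-256 DS line from a DNSKEY line as described in RFC 4034; the sample key is constructed and the function names are hypothetical.

```python
import base64
import hashlib
import struct

# Constructed sample in the style of a BIND K*.key file line. The "public key"
# is just bytes 0..63, not a real ECDSA P-256 key.
SAMPLE_DNSKEY = ("first.com. 3600 IN DNSKEY 257 3 13 "
                 + base64.b64encode(bytes(range(64))).decode())


def name_to_wire(name):
    """Canonical wire form of an owner name: lowercased, length-prefixed labels."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def key_tag(rdata):
    """Key tag over the DNSKEY RDATA, per RFC 4034 Appendix B."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def dnskey_to_ds(line):
    """Build the SHA-256 (digest type 2) DS record for one DNSKEY line."""
    fields = line.split(";")[0].split()          # drop trailing comment
    idx = fields.index("DNSKEY")                 # tolerates optional TTL/class
    owner = fields[0].lower()
    flags, protocol, algorithm = (int(x) for x in fields[idx + 1:idx + 4])
    if not flags & 0x0100:
        raise ValueError("Zone Key flag unset: a DS must not reference this key")
    pubkey = base64.b64decode("".join(fields[idx + 4:]))
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + pubkey
    # DS digest = hash(owner name in wire form | DNSKEY RDATA), RFC 4034 5.1.4
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()
    return f"{owner} IN DS {key_tag(rdata)} {algorithm} 2 {digest}"


if __name__ == "__main__":
    # The KSK (flags 257) is the key whose DS normally goes to the registrar.
    print(dnskey_to_ds(SAMPLE_DNSKEY))
```

BIND's `dnssec-dsfromkey` tool produces the same record from a key file, so its output can be compared against this before anything is submitted to the parent zone.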