How to DNSSEC sign a zone with Simple DNS Plus

To sign a zone, in the DNS Records window, right click the zone in the left list and select "DNSSEC sign..." from the popup menu:

Image1.png

This brings up the "DNSSEC Sign Zone" dialog, which can be used both to sign the zone and/or to generate DS-records.
Specify a DNSSEC key file and click the "OK" button.
For details on creating and managing DNSSEC key files, please see the reference article below.

Image2.png

If you had the "Generate and display a list of DS-records..." option checked, a dialog with the generated DS-records (if any) will be displayed. You can copy this text (standard zone file format) for inclusion in the parent zone:

Image15.png

Signing a zone will remove any existing DNSSEC signatures records, and add new DNSSEC records to the zone:

Image14.png

The zone is now DNSSEC signed.
Make sure to re-sign the zone after making ANY changes to it.

REFERENCES:
For more information, please see the following knowledge base articles:

KB Article Managing DNSSEC keys with Simple DNS Plus
KB Article Check DNSSEC Signatures tool

Connect