How to DNSSEC sign a zone with Simple DNS Plus

To sign a zone, in the DNS Records window, right click the zone in the left list and select "DNSSEC sign..." from the popup menu:


This brings up the "DNSSEC Sign Zone" dialog, which can be used both to sign the zone and/or to generate DS-records.
Specify a DNSSEC key file and click the "OK" button.
For details on creating and managing DNSSEC key files, please see the reference article below.


If you had the "Generate and display a list of DS-records..." option checked, a dialog with the generated DS-records (if any) will be displayed. You can copy this text (standard zone file format) for inclusion in the parent zone:


Signing a zone will remove any existing DNSSEC signatures records, and add new DNSSEC records to the zone:


The zone is now DNSSEC signed.
Make sure to re-sign the zone after making ANY changes to it.

For more information, please see the following knowledge base articles:

KB Article Managing DNSSEC keys with Simple DNS Plus
KB Article Check DNSSEC Signatures tool

28 Feb 2018 21:02 UTC
Can this be done through the HTTP API?
(Never published. Used for replies and to show your Gravatar icon. Never used for any other purpose.)