In this process you are signing the child domain and then adding the DS records to for the child domain into the parent domain.
In this article, the parent domain is domain.com and the child domain is subdomain.domain.com.
The following must be true:
- Parent domain is already signed
- Parent domain and child domain exist as different zone files
Steps to Resolution
- Login at UltraDNS
- Click Domains in left navigation menu
- Click the domain in question
- Click DNSSEC tab
-
Click Sign
- You will see a DS Resource Records section with values like this:
- 42958 13 1 30954EF5C0EBDA1FF8804F222744D8FBFD94BC43
- 42958 13 2 7550621A4D38E4DCE8204D4E7C3401165E5217D492E2C4473B8C74C7BC7B32
- Click Domains in left navigation menu
- Click the domain in question
- Scroll down to DS (Delegation Signer)
- Click Add Record
-
Update to the values from the DS record listed in <subdomain.domain.com> and click Save.
Note: If using the values from the note above you'd enter this:
Host: subdomain.domain.com
Key Tag: 42958
Algorithm ECDSA Curve P-256 with SHA-256 (13)
Digest Type: SHA-256 (2)
Digest: 7550621A4D38E4DCE8204D4E7C3401165E5217D492E2C4473B8C74C7BC7B32E3
And then optionally add a second record
Host: subdomain.domain.com
Key Tag: 42958
Algorithm ECDSA Curve P-256 with SHA-256 (13)
Digest Type: SHA-1 (1)
Digest: 30954EF5C0EBDA1FF8804F222744D8FBFD94BC43