In the event that a user is trying to sign domain at their registrar and getting blocked by the registrar's tech support over our instructions in What Information do I Need to Provide to My Registrar to Publish a DS Record, this is due to the registrar's support not using DS.
Instead, the registrar wants Flag, Protocol, Algorithm, Public Key.
Steps to Resolution
- Dig for DNSKEY and look for 257 Value:
$ dig cst-lbproducts.com DNSKEY @pdns1.ultradns.net
; <<>> DiG 9.10.6 <<>> cst-lbproducts.com DNSKEY @pdns1.ultradns.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22923
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;cst-lbproducts.com. IN DNSKEY
;; ANSWER SECTION:
cst-lbproducts.com. 60 IN DNSKEY 256 3 13 KogJeobCBw0A/lzF1tVd+KVb88kIiAT5ENo87t39R9Pmk94e42MfwQfn Gz/uQsFMyXy0DCE3HAqHe0gRbJiBbw==
cst-lbproducts.com. 60 IN DNSKEY 257 3 13 QTgbAhbIfKILgBaw1U2VCvcAVN9u4dFyTtAZQ0miPC1eqUyJEPta/FJN o4ZonLBViqf8r3DfOdkKDM0lLx8v7w==
;; Query time: 38 msec
;; SERVER: 204.74.108.1#53(204.74.108.1)
;; WHEN: Mon Feb 03 15:47:52 EST 2020
;; MSG SIZE rcvd: 207
-
Get values from answer section:
Flag is 257 (KSK)
Protocol is 3
Algorithm is 13 (ECDSA Curve P-256 with SHA-256)
Public Key is QTgbAhbIfKILgBaw1U2VCvcAVN9u4dFyTtAZQ0miPC1eqUyJEPta/FJN o4ZonLBViqf8r3DfOdkKDM0lLx8v7w==