DNSSEC migration

jlopez

• July 13, 2022 06:11

Hello We are migrating some external DNS zones into our cPanel DNS cluster. Our cluster runs PowerDNS with the bind backend. Some of the domains to be imported make use of DNSSEC. The zone loads correctly, then to import the key we execute pdnsutil import-zone-key upn.org /root/migrations/keys/Kupn.org.+007+12198.key ksk but we get a message saying "Error: Request to create key object for unknown algorithm number 0". The algorithm number of course is not 0, the key file content starts like this: ; This is a key-signing key, keyid 12198, for upn.org. ; Created: 20190612101512 (Wed Jun 12 12:15:12 2019) ; Publish: 20190612101512 (Wed Jun 12 12:15:12 2019) ; Activate: 20190612101512 (Wed Jun 12 12:15:12 2019) upn.org. IN DNSKEY 257 3 7 AwEAAcDj...... What can we do to get the key to load correctly? Or am I missing some step along the way?

• 

  cPRex Jurassic Moderator

  • July 13, 2022 20:38

  Hey there! I know the Transfer Tool handles DNSSEC keys properly as we have that outlined here:

  0
• 

  jlopez

  • July 14, 2022 15:07

  Hey there! I know the Transfer Tool handles DNSSEC keys properly as we have that outlined here:

  0
• 

  cPRex Jurassic Moderator

  • July 14, 2022 15:08

  I'm glad you were able to come up with a workaround. I still would like to get some more details from our end, so I'll post that once I have some information.

  0
• 

  cPRex Jurassic Moderator

  • July 14, 2022 17:28

  We don't have an official cPanel method for moving those outside of them being carried over by the larger Transfer Tool processes of moving an account. If you'd like to see that added could you make a feature request using the link in my signature?

  0

Please sign in to leave a comment.