Forum Discussion

OTS02's avatar
OTS02
Icon for Cirrus rankCirrus
Jan 18, 2017

subdomain DS record creation in zonerunner

I have a domain and subdomain in GTM. I have recently created DNSSEC zones for both. I have posted the DS records for both on the root servers, via my registrar (Google). The top domain is good for DNSSEC, but the subzone is not. Google Support tells me that I need to post the subdomain DS record on the authoritative DNS server (my GTMs).

 

I have not been able to create a DS record for the subdomain with Zonerunner, even though the type "DS" is an option. I cannot seem to satisfy the syntax requirement. All my attempts have failed to created a DS record, correct or incorrect. All the f5 documentation that I have come across only deals with submitting the DS record to the registrar, which I have done successfully. Any help greatly appreciated.

 

application delivery
BIG-IP
devops

2 Replies

Sort By
    • OTS02's avatar
      OTS02
      Icon for Cirrus rankCirrus
      Jul 21, 2017

      Hello Pirooz,

       

      I never got an answer. I had a difficult time delegating a sub-domain to a 3rd party. None of the posts that I found were helpful. I set up a test DNS server to simulate the 3rd party DNS server (on a totally separate domain) and started trying different things, until I got the delegation to work. It is quite simple - the key is - you DO NOT create the sub-domain on the parent-domain's DNS server - you only create a NS record for the sub-domain (that points to the 3rd party DNS) on the parent-domain.

       

      Regarding the DNSSEC for the sub-domain, I think that the 3rd party would have to create the DS record, and post it to their registrar. But I have not proved it out.