Greetings! I’m finishing up my first MIAB setup. I’m using my domain registrar’s name servers, and just configured reverse DNS with my VM host. My root is hosted separately and does not point to my MIAB (let’s call it box .mysite .com). My system status checks output includes the following.
box .mysite .com
The DNSSEC ‘DS’ record for mysite .com is incorrect. See further details below.
? Nameserver glue records (ns1 .box .mysite .com and ns2. box .mysite .com) should be configured at your domain name registrar as having the IP address of this box (220.127.116.11). They currently report addresses of [Not Set]/[Not Set]. If you have set up External DNS, this may be OK.
This domain’s DNSSEC DS record is incorrect. The chain of trust is broken between the public DNS system and this machine’s DNS server. It may take several hours for public DNS to update after a change. If you did not recently make a change, you must resolve this immediately by following the instructions provided by your domain name registrar and provide to them this information:
* some details including mismatched values for Key Tag, Algorithm, and Digest, along with a sample DS record *
The ? warning appears to be nonapplicable since I am not using my MIAB for DNS. My domain registrar has a DNSSEC option which has been enabled, which I expect is the cause of the mismatched values.
I have a CNAME for box .mysite .com pointing to my VM host, so I can’t add DNS records (such as DS) directly in my registrar. So, I’m guessing that configuring DNSSEC would require some kind of support from my hosting provider? Any clarification is appreciated!
Spaces added to URLs so they’re not formatted as links.