DNSSEC Hexonet Settings

DNSSEC: Let’s Go! (Hexonet Edition)

Recently, I purchased several new domain names with .gd and .io extensions. While exploring Hexonet’s features, I noticed that they support DNSSEC (Domain Name System Security Extensions). However, I couldn’t find any option to enable it directly through their control panel.

After some research, I finally figured out how to activate DNSSEC on Hexonet. Spoiler: It involves using their API.

The Process

To enable DNSSEC, you’ll need to manually send a command via Hexonet’s API. Here’s how you can do it:

1. Access the Hexonet API Execution Page
   Open the API tools page at this URL:
   https://cp.hexonet.net/cp2/index.php/tools/apiaccess
2. Input the API Command
   Use the following command format to enable DNSSEC for your domain:
   command = ModifyDomain
domain = example.com
secDNS-urgent = 1
secDNS-ds0 = [KEYTAG] [ALGORITHM] [DIGEST-TYPE] [DIGEST]


   Replace the placeholders with the specific DNSSEC values provided by your DNS provider (e.g., Cloudflare).

A Quick Note on Digest Types

The trickiest part of this setup is figuring out the correct Digest Type. If you’re using Cloudflare, they’ll provide a digest labeled SHA256. However, Hexonet’s system doesn’t directly list "SHA256" as an option.

After checking the official documentation, I found that:

• SHA256 corresponds to 2 in Hexonet’s system.

So, for the secDNS-ds0 parameter, make sure to use 2 as the Digest Type.

Helpful Resources

Here are a couple of resources that helped me understand the process:

• Hexonet’s DNSSEC Wiki