How to enable DNSSEC on FortiGSLB Cloud

Before you begin:

Make sure your TLD supports DNSSEC.

Steps
  1. If you have only an FQDN service, create a Zone service with the same Domain Name.
  2. Toggle DNSSEC on (1) to enable it. The indicator light (3), download button (4), and regenerate button (5) will then appear.
  3. Click the refresh button (2) to refresh the Zone page so that the indicator light turns green. This should take less than one minute.
    Note: If you have any concern that your key has been compromised, you can click the regenerate button to regenerate the DNSSEC key files and then click the refresh button so that the indicator light turns green. Then proceed to the following steps and update your TLD.
  4. Click the download button to download the DNSSEC key files.
  5. Unzip the downloaded key files and open the file whose name begins with 'dsset'. You may need this for your TLD.
    1. Add the file to the DSSET list.
    2. In Zone configuration, select the item from the DSSET List.
  6. You should now be able to query the domain records with the DNSSEC flag. The resulting output should contain an 'ad' flag and an RRSIG record.
    Linux - dig
    Windows - Resolve-DnsName
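
The check in step 6, as an added example that is not part of the Fortinet handbook: a shell function that reads `dig +dnssec` output and confirms both the 'ad' flag and an RRSIG record. The function names, `www.example.com`, the address and the signature text are constructed; the second sample assumes the common case where the DS record from the 'dsset' file has not yet been published at the parent, so the RRSIG is returned but the resolver does not set 'ad'.

```shell
#!/bin/sh
# Added example: check dig +dnssec output for the 'ad' flag and an RRSIG record.
# Names, addresses and signature text below are constructed sample data.

# Reads dig output on stdin; exit status is 0 only if both checks pass.
check_dnssec_answer() {
    awk '
        # Header flags line only; the "; EDNS: ... flags: do" line is not it.
        /^;; flags:/ {
            sub(/^;; flags:/, ""); sub(/;.*/, "")
            n = split($0, f, " ")
            for (i = 1; i <= n; i++) if (f[i] == "ad") ad = 1
            next
        }
        /^;; ANSWER SECTION:/ { in_answer = 1; next }
        /^$/ || /^;;/         { in_answer = 0 }
        in_answer && $4 == "RRSIG" { rrsig = 1 }
        END {
            if (!ad)    print "FAIL: no ad flag (resolver did not validate)"
            if (!rrsig) print "FAIL: no RRSIG in the answer section"
            if (ad && rrsig) print "OK: ad flag and RRSIG present"
            exit !(ad && rrsig)
        }'
}

# Constructed output: signed zone, answer validated by the resolver.
sample_signed() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1232
;; ANSWER SECTION:
www.example.com. 300 IN A 192.0.2.10
www.example.com. 300 IN RRSIG A 13 3 300 20300101000000 20291201000000 4242 example.com. c2FtcGxl
EOF
}

# Constructed output: zone is signed but no DS at the parent, so no 'ad'.
sample_no_ds() {
    sample_signed | sed 's/ ra ad;/ ra;/'
}

# Live use (needs a validating resolver):
#   dig +dnssec www.example.com A | check_dnssec_answer
sample_signed | check_dnssec_answer
```

The 'ad' flag is set by the resolver, so run the live query against a validating resolver; a query sent directly to the authoritative server will show the RRSIG without 'ad'.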
Debugging

See Debugging section in How to Add FortiGSLB Cloud as sub-domain.
