Hello!
I have two Windows Server 2022 machines with the DNS role on both. They are going to be the authoritative name servers for a domain name on the internet. I have set the first as the primary name server and the second as the secondary name server. There is no Active Directory setup on either machine. The secondary server successfully receives zone updates from the primary server. It works fine to resolve DNS over the internet.
I now want to set up DNSSEC for the domain, for security reasons. So I have signed the zone in DNS by right-clicking and selecting DNSSEC and working through the manager, and the zone has been successfully signed. But now I need to tell the internet users to use DNSSEC, so I need the following information to place at the domain registry under DS records settings:
Key Tag, Algorithm, Digest Type and Digest.
There is nothing I can see in any of the records placed in the zone that shows this information. There is also nothing in the right click > DNSSEC > Properties that allows me to generate or see the DS records. Do I have to do this through PowerShell and how?
Does anyone know how to generate DS records for a signed DNSSEC domain that are compatible with an internet registry such as GoDaddy? (I need to generate to DS records per domain for good practice)
Many Thanks!
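
How the four DS fields relate to a signed zone's DNSKEY record, as an added example that is not part of the original post: the key tag is a checksum over the DNSKEY RDATA (RFC 4034 Appendix B) and the digest is SHA-256 over the owner name plus that RDATA (RFC 4509, digest type 2). The function name `Get-DsFromDnsKey`, the zone `example.com` and the key bytes are constructed placeholders; the real inputs are the flags, algorithm and Base64 public key of the zone's own key-signing DNSKEY record.

```powershell
# Added example (not from the original post): derive DS fields from a DNSKEY record.
function Get-DsFromDnsKey {              # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $ZoneName,         # owner name of the DNSKEY
        [Parameter(Mandatory)] [int]    $Flags,            # 257 = key-signing key, 256 = zone-signing key
        [Parameter(Mandatory)] [int]    $Algorithm,        # e.g. 8 = RSASHA256, 13 = ECDSAP256SHA256
        [Parameter(Mandatory)] [string] $PublicKeyBase64,  # key material exactly as in the DNSKEY record
        [int] $Protocol = 3                                # always 3 for DNSSEC
    )

    # DNSKEY RDATA = flags (2 bytes, big-endian) | protocol | algorithm | public key
    $key = [Convert]::FromBase64String(($PublicKeyBase64 -replace '\s', ''))
    [byte[]] $rdata = @([byte]($Flags -shr 8), [byte]($Flags -band 0xFF),
                        [byte]$Protocol, [byte]$Algorithm) + $key

    # Key tag: even-offset bytes count as the high octet, odd-offset bytes as the low octet
    [long] $acc = 0
    for ($i = 0; $i -lt $rdata.Length; $i++) {
        if ($i % 2 -eq 0) { $acc += [int]$rdata[$i] * 256 } else { $acc += [int]$rdata[$i] }
    }
    $acc += ($acc -shr 16) -band 0xFFFF
    $keyTag = $acc -band 0xFFFF

    # Owner name in canonical wire format: lower-case, length-prefixed labels, root terminator
    $owner = [System.Collections.Generic.List[byte]]::new()
    foreach ($label in $ZoneName.TrimEnd('.').ToLowerInvariant().Split('.')) {
        $bytes = [Text.Encoding]::ASCII.GetBytes($label)
        $owner.Add([byte]$bytes.Length)
        $owner.AddRange($bytes)
    }
    $owner.Add(0)

    # Digest type 2 = SHA-256 over (owner name | DNSKEY RDATA)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try     { $digest = $sha.ComputeHash([byte[]]($owner.ToArray() + $rdata)) }
    finally { $sha.Dispose() }

    [pscustomobject]@{
        KeyTag     = $keyTag
        Algorithm  = $Algorithm
        DigestType = 2
        Digest     = -join ($digest | ForEach-Object { $_.ToString('X2') })
    }
}

# Constructed sample input: 64 placeholder bytes standing in for a P-256 public key (not a real key)
$sampleKey = [Convert]::ToBase64String([byte[]](0..63))
Get-DsFromDnsKey -ZoneName 'example.com' -Flags 257 -Algorithm 13 -PublicKeyBase64 $sampleKey
```

Comparing the `KeyTag` this produces with the key tag shown for the key in the zone is a quick check that the right DNSKEY was copied before anything is submitted to the registrar.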