jlopez

Member
Jan 11, 2013
5
0
51
cPanel Access Level
Root Administrator
Hello
We are migrating some external DNS zones into our cPanel DNS cluster. Our cluster runs PowerDNS with the bind backend.
Some of the domains to be imported make use of DNSSEC. The zone loads correctly, then to import the key we execute

pdnsutil import-zone-key upn.org /root/migrations/keys/Kupn.org.+007+12198.key ksk

but we get a message saying "Error: Request to create key object for unknown algorithm number 0".
The algorithm number of course is not 0, the key file content starts like this:

; This is a key-signing key, keyid 12198, for upn.org.
; Created: 20190612101512 (Wed Jun 12 12:15:12 2019)
; Publish: 20190612101512 (Wed Jun 12 12:15:12 2019)
; Activate: 20190612101512 (Wed Jun 12 12:15:12 2019)
upn.org. IN DNSKEY 257 3 7 AwEAAcDj......

What can we do to get the key to load correctly? Or am I missing some step along the way?
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
11,780
1,872
363
cPanel Access Level
Root Administrator
Hey there! I know the Transfer Tool handles DNSSEC keys properly as we have that outlined here:

https://docs.cpanel.net/knowledge-base/dns/dnssec/#dnssec-key-transfers

but I'm not seeing much about moving them manually, with or without cPanel tools. I've reached out to that particular development team and I'll post more details as soon as I have them.
 

jlopez

Member
Jan 11, 2013
5
0
51
cPanel Access Level
Root Administrator
Hey there! I know the Transfer Tool handles DNSSEC keys properly as we have that outlined here:

https://docs.cpanel.net/knowledge-base/dns/dnssec/#dnssec-key-transfers

but I'm not seeing much about moving them manually, with or without cPanel tools. I've reached out to that particular development team and I'll post more details as soon as I have them.
Hi cPRex, in the end we created new keys as we're in a bit of a hurry to migrate these zones.
I haven't used DNSSEC much in the past, but I think the problem might be the key algorithm not being supported? The old keys were using algorithm 7, which doesn't show up in the zone manager editor.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
11,780
1,872
363
cPanel Access Level
Root Administrator
We don't have an official cPanel method for moving those outside of them being carried over by the larger Transfer Tool processes of moving an account. If you'd like to see that added could you make a feature request using the link in my signature?