DNS Configuration

[j...@cpss.co]

Anyone have an idea why my domain, (cpss.co) is timing out with Google's DNS? I'm currently with enom and everything works if I use my ISP DNS but not with Google. I was just traveling too and I noticed that these domains I need more subdomains than enom allows were not working at our hotel but they were at Denny's down the street. I've registered ns1.maegic.net & ns2.maegic.net as name servers with enom and just recently implemented DNSSEC, (hopefully I did it right) on my Microsoft servers running 2016 but I'm not sure what else to do. Any help would be greatly appreciated, thank you in advance.

[Alex Dupuy]

There are a bunch of problems with your configuration, http://dnsviz.net/d/cpss.co/XDyj7A/dnssec/ shows some of them.

While it is possible to DNSSEC-sign your domains separately with different keys on each name server, this is not generally advised (and for proper functionality, requires that the two name servers cross-sign each others DNSKEY RRsets).

You should do the DNSSEC-signing on one name server, set it up as a primary, and the other as a secondary which will transfer the zones. Once that is set up, you can register the DS record for your domain's KSK (key-signing DNSKEY, the one with 257, not 256) with eNom and you should have a working DNSSEC configuration.

[j...@cpss.co]

Thank you so much Alex, I'll try to figure all of this out. That link should help guide me in the right direction.

[GuyCre8ive]

Alright DNS administration is a lot more complicated than I thought. How close is Google to developing that Tech in the Matrix movie where I can just download everything I need to know to get this going?