From f9d48e28961eeb14d42fddd1f0bce28ab48dbd16 Mon Sep 17 00:00:00 2001 From: Eli Heady Date: Fri, 12 Sep 2025 10:14:26 -0400 Subject: [PATCH] deSEC: improve formating of DS records on domain creation This also adds a note to the provider page about alternative ways to get the DS records after the domain is created. --- documentation/provider/desec.md | 6 ++++++ providers/desec/protocol.go | 8 +++++++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/documentation/provider/desec.md b/documentation/provider/desec.md index fb70afee9..0a5b3afeb 100644 --- a/documentation/provider/desec.md +++ b/documentation/provider/desec.md @@ -44,3 +44,9 @@ integration test suite can not be run in a single session. See [https://desec.readthedocs.io/en/latest/rate-limits.html#api-request-throttling](https://desec.readthedocs.io/en/latest/rate-limits.html#api-request-throttling) {% endhint %} +Upon domain creation, the DNSKEY and DS records needed for DNSSEC setup are +printed in the command output. If you need these values later, get them from +the deSEC web interface or query deSEC nameservers for the CDS records. For +example: `dig +short @ns1.desec.io example.com CDS` will return the published +CDS records which can be used to insert the required DS records into the parent +zone. \ No newline at end of file diff --git a/providers/desec/protocol.go b/providers/desec/protocol.go index 8cd231168..5bd9930b1 100644 --- a/providers/desec/protocol.go +++ b/providers/desec/protocol.go @@ -261,7 +261,13 @@ func (c *desecProvider) createDomain(domain string) error { return err } printer.Printf("To enable DNSSEC validation for your domain, make sure to convey the DS record(s) to your registrar:\n") - printer.Printf("%+q", dm.Keys) + for _, key := range dm.Keys { + printer.Printf("DNSKEY: %s\n", key.Dnskey) + printer.Printf("DS record(s):\n") + for _, d := range key.Ds { + printer.Printf(" %s\n", d) + } + } return nil }