Revision as of 09:47, 12 August 2021 by Amolith (talk | contribs) (create webpage)

Editing a zone

  • pdnsutil edit-zone DOMAIN
  • Increment SOA’s serial number
  • pdns_control notify DOMAIN

Adding a domain

pdnsutil create-zone DOMAIN
pdnsutil set-kind DOMAIN master
pdnsutil secure-zone DOMAIN
pdnsutil set-nsec3 DOMAIN
pdnsutil rectify-zone DOMAIN
pdnsutil edit-zone DOMAIN

Add the following records (the NS records are mandatory; the CAA record is optional but recommended):

DOMAIN    86400    IN    NS
DOMAIN    86400    IN    NS
DOMAIN    86400    IN    NS
DOMAIN    86400    IN    NS
DOMAIN    86400    IN    NS
DOMAIN    86400    IN    CAA    0 issue ""

(replace ns{1..5} with your respective DNS server addresses)

If you want to have wildcard certificates, add the following DNS record: DOMAIN 86400 IN CAA 0 issuewild ""

After adding records, increment SOA’s serial and run: pdns_control notify DOMAIN

Then set the NS records at your registrar and run pdnsutil show-zone DOMAIN to get the DNSSEC details.

DNSSEC settings

  • Key Tag: CHANGEME
  • Digest: CHANGEME
  • Digest Type: SHA-256 (2)
  • Algo: 13 (ECDSA curve P-256 with SHA-256)

(using NameSilo’s input labels, but should be similar on other registrars.)
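
The Key Tag and Digest can be recomputed from the zone's DNSKEY record (flags, protocol, algorithm, base64 public key) and compared with what the registrar shows after saving. The following is an added example, not part of the original wiki page; the function names are illustrative and the sample key is a constructed placeholder, not a real key.

```python
import base64
import hashlib
import struct


def name_to_wire(name: str) -> bytes:
    """Canonical owner name: lowercase, each label length-prefixed, root terminated."""
    labels = [lab for lab in name.lower().rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"


def dnskey_rdata(flags: int, protocol: int, algorithm: int, pubkey_b64: str) -> bytes:
    """DNSKEY RDATA: 2-byte flags, protocol, algorithm, then the raw public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)


def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B: sum RDATA as 16-bit words, fold the carry back in."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def ds_fields(owner: str, flags: int, protocol: int, algorithm: int, pubkey_b64: str) -> dict:
    """Values for the registrar form: digest type 2 is SHA-256 over name + RDATA."""
    rdata = dnskey_rdata(flags, protocol, algorithm, pubkey_b64)
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()
    return {"key_tag": key_tag(rdata), "algorithm": algorithm,
            "digest_type": 2, "digest": digest}


def matches(expected: dict, tag: int, digest: str) -> bool:
    """Compare what the registrar displays against the locally computed values."""
    return tag == expected["key_tag"] and digest.strip().upper() == expected["digest"]


# Constructed sample: 64 placeholder bytes standing in for a P-256 public key.
SAMPLE_PUBKEY = base64.b64encode(bytes(range(64))).decode()
SAMPLE = ds_fields("Example.COM.", 257, 3, 13, SAMPLE_PUBKEY)

if __name__ == "__main__":
    for field, value in SAMPLE.items():
        print(f"{field}: {value}")
```

A mismatch in either field means the parent zone would publish a DS record that does not validate the key, and validating resolvers would treat the domain as bogus.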


To check everything went correctly, use the testing tool at

Remember to add your domain to HSTS preloading as well after getting a webserver up and running.