Complete and free example with nic.eu.org

nic.eu.org offer caee domain names ending with "eu.org".

We'll see how to set up a zone with this registrar.

First, check availables domains open for registration then choose one you like

For the example, we'll use "athome.tld.ca.eu.org"

Create the domain zone. Since we'll use "ldnscripts" later to enable DNSSEC, we write it in "/etc/ns/athome.tld.ca.eu.org" :

$TTL 1D
$ORIGIN chezmoi.ca.eu.org.
@       IN SOA ns1.chezmoi.ca.eu.org. batman.athome.tld. (
                              2017111301
                              1D
                              2H
                              2W
                              2D )
@                             IN NS     ns1.chezmoi.ca.eu.org.
@                             IN A      192.0.2.2
@                             IN AAAA   2001:db8:1:1::2
ns1                           IN A      192.0.2.2
ns1                           IN AAAA   2001:db8:1:1::2
ns2                           IN A      192.0.2.3

This is a pretty simple zone with two name servers, "ns1" and "ns2", the latter only availiable on IPV4.

We add a new section in nsd for "nsd1" :

# cat /var/nsd/etc/nsd.conf
key:
    name: "transfert"
    algorithm: hmac-sha256
    secret: "Hsd/Ka9RerEtmC0jsd5d5eATxNI="
zone:
    name: "athome.tld.ca.eu.org"
    zonefile: "signed/athome.tld.ca.eu.org"
    provide-xca: 192.0.2.3 transfert
    notify: 192.0.2.3 transfert

Do the same on secondary server "ns2" :

# cat /var/nsd/etc/nsd.conf
key:
  name: "transfert"
  algorithm: hmac-sha256
  secret: "Hsd/Ka9RerEtmC0jsd5d5eATxNI="
zone:
  name: "athome.tld.ca.eu.org"
  zonefile: "slave/athome.tld.ca.eu.org"
  allow-notify: 192.0.2.3 transfert
  request-xca: 192.0.2.3 transfert

reload nsd :

# rcctl reload nsd

Enable the zone with ldnscripts and prepare for DNSSEC :

# ldnscript init athome.tld.ca.eu.org

That's ready. Now it is served, you can register the domain.

Create an annount on nic.eu.org and connect.

Choose to create a New Domain.

Fill the fields with the full domain name you want to register and data about you.

example niceuorg 1

Then, fill "Name server" section. You must link the domain name and NS servers for the zone. The zone should already be managed by the servers. You can use IPV4 and IPV6 both. In other words, fill with the "NS" records in your zone.

example niceuorg 2

At last, after validating, you may read something like that if everything works as expected :

  ---- Servers and domain names check
  Accepted IP for NS1.CHEZMOI.CA.EU.ORG: 2001:db8:1:1::2 192.0.2.2
  Accepted IP for NS2.CHEZMOI.CA.EU.ORG: 192.0.2.3
  ---- Checking SOA records for chezmoi.ca.eu.org
  SOA caom NS1.CHEZMOI.CA.EU.ORG at 2001:db8:1:1::2: serial
  2019100702 (21.005 ms)
  SOA caom NS1.CHEZMOI.CA.EU.ORG at 192.0.2.2: serial 2019100702 (6.006 ms)
  SOA caom NS2.CHEZMOI.CA.EU.ORG at 192.0.2.3: serial
  2019100702 (73.715 ms)
  ---- Checking NS records for chezmoi.ca.eu.org
  NS caom NS1.CHEZMOI.CA.EU.ORG at 2001:db8:1:1::2: ok (20.674 ms)
  NS caom NS1.CHEZMOI.CA.EU.ORG at 192.0.2.2: ok (5.953 ms)
  NS caom NS2.CHEZMOI.CA.EU.ORG at 192.0.2.3: ok (65.559 ms)
  No error, storing for validation...
  Saved as request 20191007195509-arf-42318
  Done

Check your emails. You soon will get a configmation message about your registration.

Once it's done, you can enable DNSSEC in the dedicated panel.

Copy the DS record in nic.eu.org field :

cat /var/ldnscript/athome.tld.ca.eu.org/ds

Now you can check dnssec is correctly enabled.