Complete and free example with offer caee domain names ending with "".

We'll see how to set up a zone with this registrar.

First, check availables domains open for registration then choose one you like

For the example, we'll use ""

Create the domain zone. Since we'll use "ldnscripts" later to enable DNSSEC, we write it in "/etc/ns/" :

@       IN SOA batman.athome.tld. (
                              2D )
@                             IN NS
@                             IN A
@                             IN AAAA   2001:db8:1:1::2
ns1                           IN A
ns1                           IN AAAA   2001:db8:1:1::2
ns2                           IN A

This is a pretty simple zone with two name servers, "ns1" and "ns2", the latter only availiable on IPV4.

We add a new section in nsd for "nsd1" :

# cat /var/nsd/etc/nsd.conf
    name: "transfert"
    algorithm: hmac-sha256
    secret: "Hsd/Ka9RerEtmC0jsd5d5eATxNI="
    name: ""
    zonefile: "signed/"
    provide-xca: transfert
    notify: transfert

Do the same on secondary server "ns2" :

# cat /var/nsd/etc/nsd.conf
  name: "transfert"
  algorithm: hmac-sha256
  secret: "Hsd/Ka9RerEtmC0jsd5d5eATxNI="
  name: ""
  zonefile: "slave/"
  allow-notify: transfert
  request-xca: transfert

reload nsd :

# rcctl reload nsd

Enable the zone with ldnscripts and prepare for DNSSEC :

# ldnscript init

That's ready. Now it is served, you can register the domain.

Create an annount on and connect.

Choose to create a New Domain.

Fill the fields with the full domain name you want to register and data about you.

example niceuorg 1

Then, fill "Name server" section. You must link the domain name and NS servers for the zone. The zone should already be managed by the servers. You can use IPV4 and IPV6 both. In other words, fill with the "NS" records in your zone.

example niceuorg 2

At last, after validating, you may read something like that if everything works as expected :

  ---- Servers and domain names check
  Accepted IP for NS1.CHEZMOI.CA.EU.ORG: 2001:db8:1:1::2
  Accepted IP for NS2.CHEZMOI.CA.EU.ORG:
  ---- Checking SOA records for
  SOA caom NS1.CHEZMOI.CA.EU.ORG at 2001:db8:1:1::2: serial
  2019100702 (21.005 ms)
  SOA caom NS1.CHEZMOI.CA.EU.ORG at serial 2019100702 (6.006 ms)
  SOA caom NS2.CHEZMOI.CA.EU.ORG at serial
  2019100702 (73.715 ms)
  ---- Checking NS records for
  NS caom NS1.CHEZMOI.CA.EU.ORG at 2001:db8:1:1::2: ok (20.674 ms)
  NS caom NS1.CHEZMOI.CA.EU.ORG at ok (5.953 ms)
  NS caom NS2.CHEZMOI.CA.EU.ORG at ok (65.559 ms)
  No error, storing for validation...
  Saved as request 20191007195509-arf-42318

Check your emails. You soon will get a configmation message about your registration.

Once it's done, you can enable DNSSEC in the dedicated panel.

Copy the DS record in field :

cat /var/ldnscript/

Now you can check dnssec is correctly enabled.