How to add a TXT record for the Entrust DNS Email Validation Method on BIND DNS?
Pre-requirements:
- BIND DNS software from ISC
- Linux/Windows OS with BIND installed (this example uses Linux CentOS version 7)
- A DNS server that has been set up and functions properly
- An email address that functions properly
Step by step: create a TXT record inside the zone file:
1. Log in to your DNS server as the superuser (root).
2. Launch the terminal. If you did not log in as superuser, type: $ su -
3. Locate your DNS zone file. By default this file is located under /var/named/; however, it is sometimes hidden for security purposes. Please consult your network administrator. In this example, the DNS zone file is under /var/named/ with the filename entrustlab.com.zone
4. WARNING! Before you continue with the step below, make a copy of your working DNS zone file so that you can recover from any mishap. Edit the zone file using a text editor such as nano or vi.
Example: nano /var/named/entrustlab.com.zone
The DNS zone file will be opened. You should see the current, already existing entry:
Hit Enter at the bottom of the page to start a new record entry. Create your record using the format below:
Format: _validation-contactemail IN TXT email address
Note: email address is your designated email address, which must function properly.
Example: [email protected]
5. Press Ctrl-X to save the modification. Answer Yes and then hit Enter to overwrite it into the same filename.
6. Restart your DNS service by typing: service named restart
NOTE: If you receive any error while the DNS service restarts, go back to your zone file and make sure the entries contain no typos. You can still refer back to the old working zone file that you backed up in step 5.
To check the detailed status of the DNS service, type: service named status
At this point the process to add a TXT record for Entrust has been completed.
7. Once this is set up and the DNS information has propagated to our Entrust DNS server (which may take up to 12 hours), you can use the email verification method for the domain in your certificate portal.
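Steps 4 to 6 as one guarded shell function, added here as an example and not Entrust's or ISC's own tooling: `add_validation_txt` is a hypothetical name, and the zone file path, email address and zone name are supplied by the caller. It rejects malformed addresses, skips a record that already exists, and restores the backup if `named-checkzone` (when installed) rejects the edited file.

```sh
#!/bin/sh
# Added example; add_validation_txt is a hypothetical helper, not an Entrust or ISC tool.
# Usage: add_validation_txt /var/named/entrustlab.com.zone EMAIL [entrustlab.com]

add_validation_txt() {
    zonefile=$1 email=$2 zone=${3:-}
    label=_validation-contactemail

    [ -f "$zonefile" ] || { echo "no such zone file: $zonefile" >&2; return 1; }

    # Accept only a plain mailbox. Whitespace, quotes, ';' or parentheses
    # would change how BIND parses the record line.
    case $email in
        *[!A-Za-z0-9@._+-]*|*@*@*|@*|*@) echo "bad email: $email" >&2; return 2 ;;
        *@*.*) ;;
        *) echo "bad email: $email" >&2; return 2 ;;
    esac

    # Idempotent: leave the file alone if the record already exists.
    if grep -q "^${label}[[:space:]]" "$zonefile"; then
        echo "$label already present in $zonefile" >&2
        return 0
    fi

    # Step 4: keep a timestamped copy of the working zone file.
    backup="$zonefile.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$zonefile" "$backup" || return 3

    # Make sure the new record starts on its own line.
    if [ -n "$(tail -c 1 "$zonefile")" ]; then
        echo >> "$zonefile"
    fi
    # Quoting the TXT value yields the same record data as the unquoted form.
    printf '%s IN TXT "%s"\n' "$label" "$email" >> "$zonefile"

    # Check the syntax before the restart in step 6 (only if BIND's
    # named-checkzone is installed and a zone name was given).
    if [ -n "$zone" ] && command -v named-checkzone >/dev/null 2>&1; then
        if ! named-checkzone "$zone" "$zonefile" >/dev/null; then
            cp -p "$backup" "$zonefile"      # roll back to the working copy
            echo "zone check failed, backup restored" >&2
            return 4
        fi
    fi
    return 0
}
```

When the function returns 0, restart named as in step 6. If the zone is also served by secondary servers, the SOA serial in the zone file has to be incremented before they pick up the change.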