DirectAdmin offers support for DNSSEC. In order to configure this you have to edit the zone file, twice. You first go to DNS management, search for the domain and click the generate keys button. Then you have to go back and click the sign button.
You can use the script /usr/local/directadmin/scripts/dnssec.sh but you have to run that twice, first to generate, second to sign. And then you still have to search for the keys in the ksk and zsk files. This script makes that less cumbersome.
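#!/bin/bash
# Generate and sign DNSSEC keys for a domain, then print both public keys.
SCRIPTPATH=/usr/local/directadmin/scripts
ZONEPATH=/var/named

if [ -z "$1" ]
then
    echo "Usage: $0 domain"
    exit 1
fi
DOMAIN=$1

# dnssec.sh has to run twice: first to generate the keys, then to sign the zone.
"$SCRIPTPATH/dnssec.sh" keygen "$DOMAIN"
"$SCRIPTPATH/dnssec.sh" sign "$DOMAIN"

# Read the public key files for the zone-signing and key-signing keys.
SEC256=$(cat "$ZONEPATH/$DOMAIN.zsk.key")
SEC257=$(cat "$ZONEPATH/$DOMAIN.ksk.key")

echo 'Flag 256 (ZSK)'
echo 'Algorithm (RSA/SHA-256)'
echo 'Key: ' "$SEC256"
echo 'Flag 257 (KSK)'
echo 'Algorithm (RSA/SHA-256)'
echo 'Key: ' "$SEC257"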
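The script above prints each key file whole and hard-codes the algorithm label. The following is an added example (not part of the original post and not DirectAdmin code) that reads the flags, protocol, algorithm and key out of the DNSKEY record itself and refuses anything unexpected before you paste it into a registrar form. It assumes the .zsk.key and .ksk.key files are in the BIND dnssec-keygen .key format; the function names and the sample record are made up for the illustration.

```shell
#!/bin/bash
# Added example, not DirectAdmin code. Assumes the BIND dnssec-keygen .key format.
# parse_dnskey FILE: print "flags protocol algorithm key" for the first DNSKEY
# record, skipping ';' comment lines and rejoining base64 split by spaces.
parse_dnskey() {
    awk '
        /^[ \t]*;/ { next }
        { for (i = 1; i <= NF; i++) if ($i == "DNSKEY") {
              key = ""
              for (j = i + 4; j <= NF && $j !~ /^;/; j++) key = key $j
              print $(i + 1), $(i + 2), $(i + 3), key
              found = 1; exit
        } }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# alg_name NUMBER: IANA DNSSEC algorithm number to a readable name.
alg_name() {
    case "$1" in
        5) echo "RSA/SHA-1" ;;
        8) echo "RSA/SHA-256" ;;
        10) echo "RSA/SHA-512" ;;
        13) echo "ECDSA P-256/SHA-256" ;;
        15) echo "Ed25519" ;;
        *) echo "unknown" ;;
    esac
}

# show_key FILE: print the registrar fields, failing on unexpected values.
show_key() {
    fields=$(parse_dnskey "$1") || { echo "no DNSKEY record in $1" >&2; return 1; }
    set -- $fields    # $1=flags $2=protocol $3=algorithm $4=key
    case "$1" in
        256) role=ZSK ;;
        257) role=KSK ;;
        *) echo "unexpected flags: $1" >&2; return 1 ;;
    esac
    [ "$2" = 3 ] || { echo "unexpected protocol: $2" >&2; return 1; }
    printf 'Flag %s (%s)\nAlgorithm %s (%s)\nKey: %s\n' \
        "$1" "$role" "$3" "$(alg_name "$3")" "$4"
}

# Constructed sample (not a real key) standing in for /var/named/<domain>.ksk.key.
sample=$(mktemp)
printf '%s\n' '; This is a key-signing key, keyid 12345, for example.com.' \
    'example.com. 3600 IN DNSKEY 257 3 8 AwEAAcCONSTRUCTED SAMPLEkey0123+/ABCD==' > "$sample"
show_key "$sample"
rm -f "$sample"
```

On a real server, call show_key on the .zsk.key and .ksk.key files under /var/named in place of the sample file.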