Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DNSSEC signature #285

Closed
lchanouha opened this issue Jan 16, 2016 · 4 comments
Closed

DNSSEC signature #285

lchanouha opened this issue Jan 16, 2016 · 4 comments

Comments

@lchanouha
Copy link

@lchanouha lchanouha commented Jan 16, 2016

It could be nice to add an option to auto-sign zones when they are pushed to servers.

Eg : add an option on zone parameters to activate this feature and set the path of the ksk and zsk files (or load then directly into variables).
This feature would need dnsutils package and call system function "dnssec-signzone" on Debian.

EDIT : and handle DS record
EDIT2 : and set an auto-sign time interval

@WillyXJ WillyXJ added this to the 3.0 release milestone Mar 31, 2016
@WillyXJ
Copy link
Owner

@WillyXJ WillyXJ commented Mar 31, 2016

I'll see how this can be incorporated in 3.x.

@WillyXJ
Copy link
Owner

@WillyXJ WillyXJ commented Dec 8, 2016

I'm looking into signing zones and also managing the ZSK and KSK for each secured zone through fmDNS. Of course, this would mean when enabling DNSSEC for a zone, the ability to assign multiple keys would be required in order to handle key rollovers.

WillyXJ added a commit that referenced this issue Mar 3, 2017
Only includes the frontend (checkboxes, etc.)
WillyXJ added a commit that referenced this issue Mar 3, 2017
WillyXJ added a commit that referenced this issue Mar 7, 2017
@WillyXJ
Copy link
Owner

@WillyXJ WillyXJ commented Mar 7, 2017

3.0-beta1 and later now includes support for generating, adding, and revoking DNSSEC KSK and ZSK keys and signing zones with them. I hope to have automatic DS record support when signing sub-domains by the stable release. Here are some snippets of the zones page in case they entice you to help test the feature. :)

image

image

image

image

image

@WillyXJ
Copy link
Owner

@WillyXJ WillyXJ commented Apr 15, 2017

DS RR is now included in the latest beta version and later.

@WillyXJ WillyXJ closed this Jun 23, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants