New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

DNSSEC signature #285

Closed
lchanouha opened this Issue Jan 16, 2016 · 4 comments

Comments

Projects
None yet
2 participants
@lchanouha

lchanouha commented Jan 16, 2016

It could be nice to add an option to auto-sign zones when they are pushed to servers.

Eg : add an option on zone parameters to activate this feature and set the path of the ksk and zsk files (or load then directly into variables).
This feature would need dnsutils package and call system function "dnssec-signzone" on Debian.

EDIT : and handle DS record
EDIT2 : and set an auto-sign time interval

@WillyXJ WillyXJ added this to the 3.0 release milestone Mar 31, 2016

@WillyXJ

This comment has been minimized.

Owner

WillyXJ commented Mar 31, 2016

I'll see how this can be incorporated in 3.x.

@WillyXJ

This comment has been minimized.

Owner

WillyXJ commented Dec 8, 2016

I'm looking into signing zones and also managing the ZSK and KSK for each secured zone through fmDNS. Of course, this would mean when enabling DNSSEC for a zone, the ability to assign multiple keys would be required in order to handle key rollovers.

WillyXJ added a commit that referenced this issue Mar 3, 2017

fmDNS - #285 - DNSSEC frontend support
Only includes the frontend (checkboxes, etc.)

WillyXJ added a commit that referenced this issue Mar 3, 2017

WillyXJ added a commit that referenced this issue Mar 7, 2017

@WillyXJ

This comment has been minimized.

Owner

WillyXJ commented Mar 7, 2017

3.0-beta1 and later now includes support for generating, adding, and revoking DNSSEC KSK and ZSK keys and signing zones with them. I hope to have automatic DS record support when signing sub-domains by the stable release. Here are some snippets of the zones page in case they entice you to help test the feature. :)

image

image

image

image

image

@WillyXJ

This comment has been minimized.

Owner

WillyXJ commented Apr 15, 2017

DS RR is now included in the latest beta version and later.

@WillyXJ WillyXJ closed this Jun 23, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment