Project

General

Profile

Task #1478

implement DNSSEC [Postfix client + domain later]

Added by Florian Effenberger about 2 years ago. Updated 5 months ago.

Status:
Rejected
Priority:
Normal
Category:
Domains and DNS
Target version:
Team - Qlater
Start date:
Due date:
% Done:

0%

Estimated time:
Tags:
URL:

Description

We should look into migrating to DNSSEC.
Florian privately made some good experiences with core-networks.de (signing is super-easy, they just lack an API for zones which we haven't used anyways in the past)
There's a sponsoring offer on the table for backup DNS.
An idea would be to have core-networks as main DNSSEC provider, and take advantage of the sponsoring offer as mirror/fallback (secondary zone with AXFR).
I'd start with less-prominent domains first to gain some experience.
I would, contrary to the initial scope of the ticket, not consider hosting DNS on our own.

History

#1 Updated by Dennis Roczek about 2 years ago

  • Category set to Domains and DNS

#2 Updated by Florian Effenberger about 2 years ago

  • Subject changed from onw DNS incl. DNSSEC to own DNS incl. DNSSEC

#3 Updated by Florian Effenberger almost 2 years ago

There's www.core-networks.de which I've been using for testing. Sounds interesting, though it lacks an API it seems
I'm reluctant to switch DNS providers "just" to have DNSSEC, but maybe having one that does the DNSSEC magic and another one that just mirrors the zone could be an idea

#4 Updated by Florian Effenberger almost 2 years ago

  • Target version changed from Q1/2016 to Qlater

#5 Updated by Florian Effenberger almost 2 years ago

  • Subject changed from own DNS incl. DNSSEC to implement DNSSEC
  • Description updated (diff)

#6 Updated by Florian Effenberger about 1 year ago

  • Assignee changed from Alexander Werner to Guilhem Moulin

re-assigning to Guilhem in order to clean up Redmine queues
nothing concrete to do at the moment

#7 Updated by Florian Effenberger about 1 year ago

  • Target version changed from Qlater to Q1/2017

Tentatively Q1; it might help (with TLSA and the like) e-mail deliverability

#8 Updated by Florian Effenberger about 1 year ago

  • Subject changed from implement DNSSEC to implement DNSSEC [Postfix client + domain later]

#9 Updated by Florian Effenberger 10 months ago

  • Target version changed from Q1/2017 to Qlater

Not that urgent actually, shifting to Qlater

#10 Updated by Florian Effenberger 5 months ago

  • Status changed from New to Rejected

Rejecting in favor of #2257

Also available in: Atom PDF