Project

General

Profile

Actions

Task #1478

closed

implement DNSSEC [Postfix client + domain later]

Added by Florian Effenberger over 8 years ago. Updated over 6 years ago.

Status:
Rejected
Priority:
Normal
Category:
Domains and DNS
Target version:
Team - Qlater
Start date:
Due date:
% Done:

0%

Tags:

Description

We should look into migrating to DNSSEC.
Florian privately made some good experiences with core-networks.de (signing is super-easy, they just lack an API for zones which we haven't used anyways in the past)
There's a sponsoring offer on the table for backup DNS.
An idea would be to have core-networks as main DNSSEC provider, and take advantage of the sponsoring offer as mirror/fallback (secondary zone with AXFR).
I'd start with less-prominent domains first to gain some experience.
I would, contrary to the initial scope of the ticket, not consider hosting DNS on our own.

Actions #1

Updated by Dennis Roczek over 8 years ago

  • Category set to Domains and DNS
Actions #2

Updated by Florian Effenberger over 8 years ago

  • Subject changed from onw DNS incl. DNSSEC to own DNS incl. DNSSEC
Actions #3

Updated by Florian Effenberger about 8 years ago

There's www.core-networks.de which I've been using for testing. Sounds interesting, though it lacks an API it seems
I'm reluctant to switch DNS providers "just" to have DNSSEC, but maybe having one that does the DNSSEC magic and another one that just mirrors the zone could be an idea

Actions #4

Updated by Florian Effenberger about 8 years ago

  • Target version changed from Q1/2016 to Qlater
Actions #5

Updated by Florian Effenberger about 8 years ago

  • Subject changed from own DNS incl. DNSSEC to implement DNSSEC
  • Description updated (diff)
Actions #6

Updated by Florian Effenberger over 7 years ago

  • Assignee changed from Alexander Werner to Guilhem Moulin

re-assigning to Guilhem in order to clean up Redmine queues
nothing concrete to do at the moment

Actions #7

Updated by Florian Effenberger over 7 years ago

  • Target version changed from Qlater to Q1/2017

Tentatively Q1; it might help (with TLSA and the like) e-mail deliverability

Actions #8

Updated by Florian Effenberger over 7 years ago

  • Subject changed from implement DNSSEC to implement DNSSEC [Postfix client + domain later]
Actions #9

Updated by Florian Effenberger about 7 years ago

  • Target version changed from Q1/2017 to Qlater

Not that urgent actually, shifting to Qlater

Actions #10

Updated by Florian Effenberger over 6 years ago

  • Status changed from New to Rejected

Rejecting in favor of #2257

Actions

Also available in: Atom PDF