Task #1478
closed
implement DNSSEC [Postfix client + domain later]
Added by Florian Effenberger about 9 years ago.
Updated over 7 years ago.
Target version:
Team - Qlater
Description
We should look into migrating to DNSSEC.
Florian privately made some good experiences with core-networks.de (signing is super-easy, they just lack an API for zones which we haven't used anyways in the past)
There's a sponsoring offer on the table for backup DNS.
An idea would be to have core-networks as main DNSSEC provider, and take advantage of the sponsoring offer as mirror/fallback (secondary zone with AXFR).
I'd start with less-prominent domains first to gain some experience.
I would, contrary to the initial scope of the ticket, not consider hosting DNS on our own.
- Category set to Domains and DNS
- Subject changed from onw DNS incl. DNSSEC to own DNS incl. DNSSEC
There's www.core-networks.de which I've been using for testing. Sounds interesting, though it lacks an API it seems
I'm reluctant to switch DNS providers "just" to have DNSSEC, but maybe having one that does the DNSSEC magic and another one that just mirrors the zone could be an idea
- Target version changed from Q1/2016 to Qlater
- Subject changed from own DNS incl. DNSSEC to implement DNSSEC
- Description updated (diff)
- Assignee changed from Alexander Werner to Guilhem Moulin
re-assigning to Guilhem in order to clean up Redmine queues
nothing concrete to do at the moment
- Target version changed from Qlater to Q1/2017
Tentatively Q1; it might help (with TLSA and the like) e-mail deliverability
- Subject changed from implement DNSSEC to implement DNSSEC [Postfix client + domain later]
- Target version changed from Q1/2017 to Qlater
Not that urgent actually, shifting to Qlater
- Status changed from New to Rejected
Rejecting in favor of #2257
Also available in: Atom
PDF