FR: DNSSEC support in DA
- Thread starter interfasys
- Start date
interfasys
Verified User
Not if your firewall is properly configured and your data centre technicians know what they are doing 
interfasys
Verified User
This will help greatly with security and yes, things will break, but not because of DA not having that feature.
Ncftp supports DNSSEC now, which means that, if you use it, it will be harder for a criminal to reroute your backups to some server that you think is your backup server.
Ncftp supports DNSSEC now, which means that, if you use it, it will be harder for a criminal to reroute your backups to some server that you think is your backup server.
tillo
Verified User
There is plenty of information about DNSSEC on the web, and there are no straight answers to your questions, but know that:
- DNSSEC is an extension to the DNS protocol supposed to be backward-compatible: it means, if you do not change anything, you won't probably even feel the difference
- the purpose of DNSSEC is, in a few words, to make a client trust a DNS reply coming from any DNS forwarder; if you don't want/use it and you are concerned about security, it will make a BIG difference (because cache poisoning is possible)
From a user point of view:
- if a client you use wants DNS replies with DNSSEC activated (this will eventually become a standard, otherwise DNSSEC loses its purpose), know that some routers are incompatible and queries will fail until you change/upgrade it
From a hoster point of view:
- if one of your DNS customers creates a key and wants to use DNSSEC for his domain, you won't be able to accept his request because DirectAdmin doesn't manage it, and worst of all it will eventually overwrite the zone file if you do it manually
- DNSSEC is an extension to the DNS protocol supposed to be backward-compatible: it means, if you do not change anything, you won't probably even feel the difference
- the purpose of DNSSEC is, in a few words, to make a client trust a DNS reply coming from any DNS forwarder; if you don't want/use it and you are concerned about security, it will make a BIG difference (because cache poisoning is possible)
From a user point of view:
- if a client you use wants DNS replies with DNSSEC activated (this will eventually become a standard, otherwise DNSSEC loses its purpose), know that some routers are incompatible and queries will fail until you change/upgrade it
From a hoster point of view:
- if one of your DNS customers creates a key and wants to use DNSSEC for his domain, you won't be able to accept his request because DirectAdmin doesn't manage it, and worst of all it will eventually overwrite the zone file if you do it manually
nieuwhier
Verified User
It would be good if DA can tell us something about DA <-> DNSSEC.
It's about time for all of us to start implementing this since all important TLD's support it now. More and more customers are asking for it.
It's about time for all of us to start implementing this since all important TLD's support it now. More and more customers are asking for it.
interfasys
Verified User
More and more root servers support it. Recently .co announced it was ready. This should be the next big item after IPv6.
Arieh
Verified User
+1 from me too then 
interfasys
Verified User
This needs more vote so that it can make it into 1.4
SeLLeRoNe
Super Moderator
1.4 of what?
+1 for btw
Regards
+1 for btw
Regards
zEitEr
Super Moderator
Directadmin version, I guess, is mentioned here above.
DNSSEC support in DA?
Hello, after years it seems that DA developers are not thinking about DNSSEC support in DirectAdmin. What do you mean, do you want DNSSEC? I am afraid we have to implement it because every day our competitors are implementing this feature and clients are going away when we are not able to provide these new things...
Here is reply to our question about DNSSEC sent do DA support. We would like to see DNSSEC support implemented in DA itself from DA developers
---
Hello,
We have not looked at it, but the version of bind installed is 100% stock from the package systems.
In theory (we havn't tried it), you could just follow the standard dnssec guides to implement it.
I can't say much beyond that as we have not looked at it.
Thank you.
Hello, after years it seems that DA developers are not thinking about DNSSEC support in DirectAdmin. What do you mean, do you want DNSSEC? I am afraid we have to implement it because every day our competitors are implementing this feature and clients are going away when we are not able to provide these new things...
Here is reply to our question about DNSSEC sent do DA support. We would like to see DNSSEC support implemented in DA itself from DA developers
---
Hello,
We have not looked at it, but the version of bind installed is 100% stock from the package systems.
In theory (we havn't tried it), you could just follow the standard dnssec guides to implement it.
I can't say much beyond that as we have not looked at it.
Thank you.
nobaloney
NoBaloney Internet Svcs - In Memoriam †
Please feel free to study it and start posting as you're getting somewhere. Lots of DirectAdmin features come to be when uses start looking at the need for them.
Jeff
Jeff