interfasys
Verified User
Thank you for implementing this feature 
FR: DNSSEC support in DA
- Thread starter interfasys
- Start date
How can you retrieve the KSK key true the api to use a script to get the keys to the registry ?
I dont feel mutch like signing over all domains manually to be honest
I have tested now with one domain manually and it works perfect after doing some research on dnssec
- Joined
- Feb 27, 2003
- Messages
- 8,509
There is definitely room for some polish with the feature.
I still need implement an API call so the keys can be retrieved from DA..
Exactly how they make it to the registrar might be beyond DA's scope, but the API would be an important part in automating the process with whatever interface the registrar has, if any.
I'll take a look at this and reply once I have something implemented.
John
I still need implement an API call so the keys can be retrieved from DA..
Exactly how they make it to the registrar might be beyond DA's scope, but the API would be an important part in automating the process with whatever interface the registrar has, if any.
I'll take a look at this and reply once I have something implemented.
John
- Joined
- Feb 27, 2003
- Messages
- 8,509
Hello,
I've coded an API for DNSSEC:
http://www.directadmin.com/features.php?id=1535
I'm not 100% sure if it's giving you all the required data.. from my understanding you'd mainly only need the DS data to send to the registrar.
If you need other fields, let me know.
Uploading the pre-release binaries shortly.
John
I've coded an API for DNSSEC:
http://www.directadmin.com/features.php?id=1535
I'm not 100% sure if it's giving you all the required data.. from my understanding you'd mainly only need the DS data to send to the registrar.
If you need other fields, let me know.
Uploading the pre-release binaries shortly.
John
Arieh
Verified User
Good work!
I've contacted my registrar about it. I'm guessing everything is there but I've asked them.
I wonder about the monthly reset, is it on like the first day of the month? I guess a script using the API should be used afterwards.
I've contacted my registrar about it. I'm guessing everything is there but I've asked them.
I wonder about the monthly reset, is it on like the first day of the month? I guess a script using the API should be used afterwards.
StroeveICT
New member
- Joined
- Apr 15, 2013
- Messages
- 3
Good work
I'm testing this feature with one of my dutch .nl domains.
The .nl registrar requires the DNSKEY record.
So I need to fill in the key id, algorithm, type (ksk), public dnskey.
I've copied the public dnskey from the file /etc/bind/domain.nl.ksk.key.
Currently the used algorithm in dnssec.sh is set to RSA-SHA1 (5).
What I've read about DNSSEC is that it's better to use RSA-SHA256 (8).
Maybe you could change the default or make it configurable.
I'm testing this feature with one of my dutch .nl domains.
The .nl registrar requires the DNSKEY record.
So I need to fill in the key id, algorithm, type (ksk), public dnskey.
I've copied the public dnskey from the file /etc/bind/domain.nl.ksk.key.
Currently the used algorithm in dnssec.sh is set to RSA-SHA1 (5).
What I've read about DNSSEC is that it's better to use RSA-SHA256 (8).
Maybe you could change the default or make it configurable.
After attending a security seminar I realised how vulnerable DNS is. So I decided to use DNSSEC from now.
Great to see support from DA for this! Works very well.
I've generated the keys and signed a domain. I've added the ksk key to my registrar. Is that it?
I read something about the zsk key, it should be generated more frequently while the ksk can be the same for one year (best practice).
How do you change the zsk key?
Great to see support from DA for this! Works very well.
I've generated the keys and signed a domain. I've added the ksk key to my registrar. Is that it?
I read something about the zsk key, it should be generated more frequently while the ksk can be the same for one year (best practice).
How do you change the zsk key?