Choose different algorithm for DNSSEC

Discussion in 'Installation/Configuration' started by Stephan Ververda, Jun 18, 2017.

  1. Stephan Ververda

    Stephan Ververda New Member

    When i use DNSSEC from within ISPCOnfig 3, my zones are signed using the NSEC3RSASHA1 algorythm (type 7) however i prefer to use type 8 at least (RSA/SHA-256) with a 2048 bits key. Is there any option within ISPCOnfig that i can use to set that algorithm as the default one?

    I know i can already set within BIND to automatically sign all new zones and then use the specified algorithm, but for now i don't want all news zones to be configured for DNSSEC yet.

    Configuration: ISPCOnfig 3.1.3 on Debian 8.6 with BIND 9.9.5
     
  2. Jesse Norell

    Jesse Norell Well-Known Member

  3. Stephan Ververda

    Stephan Ververda New Member

Share This Page