Choose different algorithm for DNSSEC

Discussion in 'Installation/Configuration' started by Stephan Ververda, Jun 18, 2017.

  1. When i use DNSSEC from within ISPCOnfig 3, my zones are signed using the NSEC3RSASHA1 algorythm (type 7) however i prefer to use type 8 at least (RSA/SHA-256) with a 2048 bits key. Is there any option within ISPCOnfig that i can use to set that algorithm as the default one?

    I know i can already set within BIND to automatically sign all new zones and then use the specified algorithm, but for now i don't want all news zones to be configured for DNSSEC yet.

    Configuration: ISPCOnfig 3.1.3 on Debian 8.6 with BIND 9.9.5
  2. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

Share This Page