DNSSEC fields missing?

Discussion in 'ISPConfig 3 Priority Support' started by sheshes, Apr 12, 2019.

  1. sheshes

    sheshes Member

    This is how DNSSEC is described in the manual. But I haven't got these fields running the latest ispconfig 3.1.13p1 on ubuntu 18.04.
    • Sign zone (DNSSEC): Enable this checkbox to enable DNS zone signing with DNSSEC.

    • DNSSEC DS-Data for registry: This field will show the DS-Data of the signed zone. It might

     
  2. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    You can not see and use DNSSEC if you mirror DNS-Servers.
     
  3. sheshes

    sheshes Member

    Following the multiserver tutorial it suggests mirroring the nameservers. Would it be wise to keep it as such or change the nameservers and use dnssec?
     
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    If you need DNSSEC, then the only way to use it at the moment is to keep the dns servers not mirrored and create a dns slave record on ns2 in ispconfig for the zone(s) instead.
     
  5. sheshes

    sheshes Member

    So as I have my setup now (following the multiserver tutorial) i should untick the "is mirror" in the server services config and recreate all zones in secondary DNS and add a slave record for ns2 on the primare dns correct?
     
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    yes
     
  7. sheshes

    sheshes Member

    Is this close to be re-implemented or it's going to take a while? Also does DNSSEC require new SSL certs from websites and email? or same old are used?
     
  8. till

    till Super Moderator Staff Member ISPConfig Developer

    If I remember correctly, it ahs been reimplemented for 3.2 in master branch already, but haven't tested it yet. SSL certs from websites are separate from DNSSEC.
     

Share This Page