DNSSec update keys

Discussion in 'ISPConfig 3 Priority Support' started by muekno, Dec 11, 2018.

  1. muekno

    muekno Member HowtoForge Supporter

    i can not find who to update the keys.
    Any hint? The ISPConfig manual ist not up to date there
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    I don't know, have not implemented the DNSSEC part.
  3. muekno

    muekno Member HowtoForge Supporter

    OK, so the actuell implementation does not work, will this be implemented some time?
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    The actual DNSSEC implementation is working fine according to reports from many users. I just said that I've not implemented it and that I don't use it and therefore I can't tell you any more details.
  5. muekno

    muekno Member HowtoForge Supporter

    Sorry that I insist again, that you don not use ist is one thing, ISPConfig ist you product, I pay support for since some years and it is a fine product. There is an implementation, some users say it is working, some say it is not reading the forum. As it is implemented it should be supported, if you did not implement it so please lead my request to the person who implemented it. I used it but there are problems with it, as i wrote here in the forum a long time ago with an an answer like the above. As the DNSSEC master keys were renewed some weeks ago I tried to make it running correct again. I had a simple quest, who to replace the key, and if that t is not possible now, I the is a time frame when that will be implemented in a usefull way. Somewhere in the forum I found a note, it had to be rewritten complete new, ok I understand that, but even then there might be an answer about a time frame, even if it says "I do not know, may be never or same time next year". I think for payed support I can expect an answer, saying more than "I do not use it, I do no implement it"
    Kind regards
  6. till

    till Super Moderator Staff Member ISPConfig Developer

    First, ISPConfig is an OpenSource project and not my product. In an OpenSource project, a group of people contributes code to the project entity. That's very different from a product (which is developed by a company). This also means that there is some third-party contributed code, like the one for DNSSEC, which not very developer knows in detail, especially when he does not use that specific function as in my case.

    Then you mix up paid support with the priority forum. Paid support for ISPConfig is available here, provided by the company Schaal @IT:


    The priority forum is what's described in the first sticky post of this forum:


    In the priority support forum, we take care that your posts get read by an ISPConfig developer and we answer them with a higher priority, especially as the core developers are not able to read all questions in the forum due to lack of time. This does not mean that we have an answer to every question, we nowhere claim that.

    You mix things up here. DNSSEC was rewritten for 3.2 due to the inability to work in mirror setups. That's not related to key renewal at all.

    Back to your original question:

    The zone gets re-signed automatically every 5 days, see dnssec cronjob (550-bind_dnssec.inc.php) in ISPConfig. The keys do not need to be changed for that and they will not get changed as that's not necessary. See also: https://serverfault.com/questions/3...-keys-which-i-deposited-at-my-domain-provider
  7. muekno

    muekno Member HowtoForge Supporter

    Thank you for clearing that
    Kind regards

Share This Page