
DNSSEC CDS support for automatic key handling

Instead of having to manually copy the DNSSEC keys to the registrar from ISPConfig, only the "dnssec-policy default;" of BIND needs to be enabled for automatic key handling, see here: https://forum.howtoforge.com/threads/dnssec-cds-records.89962/

Changes needed in ISPConfig:

  • Add a mutually exclusive checkbox to "Sign zone (DNSSEC)" à la "Enable DNSSEC default policy"
  • Fix the apparmor file permission issues
  • Write the "dnssec-policy default;" in the config file
  • Make sure this feature is only available for newer BIND versions (>= 9.17)

Thanks!
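
A sketch of the version gate and the mutually exclusive signing modes from the list above, as an added example that is not ISPConfig's code. The function names, the `.signed` file suffix for manual signing, the zone path and the sample `named -v` string are assumptions constructed for illustration.

```shell
#!/bin/sh
# Return 0 if the given `named -v` output reports BIND >= 9.17.
bind_supports_dnssec_policy() {
    # "BIND 9.18.24-1-Debian (...)" -> "9 18"; empty when unparsable.
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^BIND \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 1            # fail closed on unknown versions
    major=${ver%% *} minor=${ver##* }
    [ "$major" -gt 9 ] || { [ "$major" -eq 9 ] && [ "$minor" -ge 17 ]; }
}

# Print a zone stanza.
# $1 zone name, $2 zone file, $3 mode (policy|manual|none), $4 `named -v` output
render_zone() {
    zone=$1 file=$2 mode=$3 version=$4 extra=
    case $mode in
        policy)   # BIND handles the keys itself under the default policy
            if ! bind_supports_dnssec_policy "$version"; then
                echo "dnssec-policy requires BIND >= 9.17" >&2
                return 1
            fi
            extra='    dnssec-policy default;' ;;
        manual)   # assumption: panel signs the zone and loads the signed file
            file="$file.signed" ;;
        none) ;;
        *)  echo "unknown DNSSEC mode: $mode" >&2
            return 2 ;;
    esac
    printf 'zone "%s" {\n    type master;\n    file "%s";\n' "$zone" "$file"
    # Depending on the BIND release, a non-dynamic zone may also need
    # inline-signing; validate the result with named-checkconf.
    [ -z "$extra" ] || printf '%s\n' "$extra"
    printf '};\n'
}

# Constructed sample input; in practice pass "$(named -v)".
render_zone example.test /etc/bind/pri.example.test policy \
    "BIND 9.18.24-1-Debian (Extended Support Version)"
```

Because the mode is a single value, a zone can never carry both the manually signed file and `dnssec-policy default;` at once.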