DNSSEC CDS support for automatic key handling
Instead of having to manually copy the DNSSEC keys to the registrar from ISPConfig, only the "dnssec-policy default;" of BIND needs to be enabled for automatic key handling, see here: https://forum.howtoforge.com/threads/dnssec-cds-records.89962/
Changes needed in ISPConfig:
- Add a mutually exclusive checkbox to "Sign zone (DNSSEC)" à la "Enable DNSSEC default policy"
- Fix the apparmor file permission issues
- Write the "dnssec-policy default;" in the config file
- Make sure this feature is only available for newer BIND versions (>= 9.17)
Thanks!
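
A sketch of the gating logic the list above asks for, added here as an illustration and not taken from ISPConfig's code: it reads the version from `named -v` output, enforces that the two DNSSEC options exclude each other, and only then writes "dnssec-policy default;" into the zone stanza. The function names, option names, sample version strings and file path are assumptions; the 9.17 minimum is the one stated in the request.

```python
import re

MIN_POLICY_VERSION = (9, 17)  # minimum stated in the request above

# Constructed samples of `named -v` output, not captured from a real host.
SAMPLE_NEW = "BIND 9.18.24 (Extended Support Version) <id:constructed>"
SAMPLE_OLD = "BIND 9.11.5-P4 (Extended Support Version) <id:constructed>"

# Values end up inside quoted strings in named.conf, so refuse anything
# that could close the quote or start a new statement.
_ORIGIN_RE = re.compile(r"^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*\.?$")
_PATH_RE = re.compile(r"^[A-Za-z0-9_./-]+$")


def parse_bind_version(named_v_output):
    """Return (major, minor, patch) parsed from `named -v` output."""
    m = re.search(r"BIND (\d+)\.(\d+)\.(\d+)", named_v_output)
    if not m:
        raise ValueError("unrecognised named -v output")
    return tuple(int(part) for part in m.groups())


def supports_default_policy(version):
    """True when the installed BIND meets the minimum for dnssec-policy."""
    return version[:2] >= MIN_POLICY_VERSION


def render_zone(origin, zone_file, version, sign_zone=False, default_policy=False):
    """Render a zone stanza; sign_zone and default_policy are hypothetical
    flags standing in for the two checkboxes."""
    if sign_zone and default_policy:
        raise ValueError("'Sign zone' and 'default policy' are mutually exclusive")
    if default_policy and not supports_default_policy(version):
        raise ValueError("dnssec-policy needs BIND >= %d.%d" % MIN_POLICY_VERSION)
    if not _ORIGIN_RE.match(origin) or not _PATH_RE.match(zone_file):
        raise ValueError("unsafe zone name or file path")
    lines = ['zone "%s" {' % origin, "    type master;", '    file "%s";' % zone_file]
    if default_policy:
        # BIND now creates, rolls and publishes keys (including CDS) itself.
        lines.append("    dnssec-policy default;")
    lines.append("};")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    v = parse_bind_version(SAMPLE_NEW)
    print(render_zone("example.com", "/etc/bind/pri.example.com", v, default_policy=True))
```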