From d5302ea8067e233d2bb60fba694c6c68a2066833 Mon Sep 17 00:00:00 2001
From: Alex
Date: Sat, 28 Oct 2017 18:07:25 +0200
Subject: [PATCH] Security improvement: Switch DNSSEC Key algorithm to RSASHA256 for new keys
---
 server/plugins-available/bind_plugin.inc.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/server/plugins-available/bind_plugin.inc.php b/server/plugins-available/bind_plugin.inc.php
index edf7b93d9f..017606995f 100644
--- a/server/plugins-available/bind_plugin.inc.php
+++ b/server/plugins-available/bind_plugin.inc.php
@@ -115,8 +115,8 @@ class bind_plugin {
 //Do some magic...
 exec('cd '.escapeshellcmd($dns_config['bind_zonefiles_dir']).';'.
- 'dnssec-keygen -a NSEC3RSASHA1 -b 2048 -n ZONE '.escapeshellcmd($domain).';'.
- 'dnssec-keygen -f KSK -a NSEC3RSASHA1 -b 4096 -n ZONE '.escapeshellcmd($domain));
+ 'dnssec-keygen -a RSASHA256 -b 2048 -n ZONE '.escapeshellcmd($domain).';'.
+ 'dnssec-keygen -f KSK -a RSASHA256 -b 4096 -n ZONE '.escapeshellcmd($domain));
 $this->soa_dnssec_sign($data); //Now sign the zone for the first time
 $data['new']['dnssec_initialized']='Y';
-- 
GitLab
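Review bot: The two new `dnssec-keygen` lines still pass `$domain` through `escapeshellcmd()`, which escapes shell metacharacters but does not quote the value as one argument, so whitespace in it would split into extra arguments; `escapeshellarg($domain)` (and likewise for the `cd` directory) is the per-argument form, and a value starting with `-` would still have to be rejected by validation. Whether `$domain` is validated earlier cannot be seen here, because the enclosing method starts and ends outside the hunk. The commands are also chained with `;` and the result of `exec()` is not checked, so a failed `cd` or a key generation failure (for example a BIND build that does not accept `RSASHA256`) still falls through to `soa_dnssec_sign()` and `dnssec_initialized='Y'`. Chaining with `&&` and passing `$output, $rc` to `exec()` would let the code stop before the zone is marked as initialized.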