DNSSEC support for PowerDNS
See #5161 (closed)
The changes in this PR enable the existing PowerDNS server plugin to arrange DNSSEC for the domain, when the checkbox for dnssec_wanted
is checked in the interface. It will also parse the KSK and DS records from the output afterwards, and expose them in the dnssec_info
textarea so the admin can set them at the registrar.
PowerDNS works a little different than BIND, in the regard that if you disable DNSSEC, it will throw away your keys too. So if you accidentally disable it and then re-enable it, your resolving will still be broken. You will then need to update the DS or KSK records at your registrar, and wait for the DNSKEY information to hit their TTL in caching DNS servers. Since it is very important to never accidentally disable DNSSEC, we have added a bit of Javascript to show a confirmation window when you uncheck the dnssec_wanted
checkbox.