
DNSSEC support for PowerDNS

Ghost User requested to merge (removed):stable-3.1 into stable-3.1

See #5161 (closed)

The changes in this PR enable the existing PowerDNS server plugin to arrange DNSSEC for the domain, when the checkbox for dnssec_wanted is checked in the interface. It will also parse the KSK and DS records from the output afterwards, and expose them in the dnssec_info textarea so the admin can set them at the registrar.

PowerDNS works a little differently than BIND, in the regard that if you disable DNSSEC, it will throw away your keys too. So if you accidentally disable it and then re-enable it, your resolving will still be broken. You will then need to update the DS or KSK records at your registrar, and wait for the DNSKEY information to hit its TTL in caching DNS servers. Since it is very important to never accidentally disable DNSSEC, we have added a bit of JavaScript to show a confirmation window when you uncheck the dnssec_wanted checkbox.
