
add support for dnssec

Open stalker37 opened this issue 11 years ago • 4 comments

Please add support for DNSSEC and co. It's not good to manually run pdnssec rectify-zone for all new zones.

stalker37, Jun 22 '14 08:06

I would love to add this, but I have absolutely no idea of what would be involved. Would you mind providing some information right here in this ticket? Some steps, links to HOWTOs, what kind of changes the UI would need, do we need to store certificates somewhere?

Thanks!

kennethkalmer, Dec 07 '14 00:12

https://doc.powerdns.com/md/authoritative/dnssec/ should be a good starting point.

The main things to do are to run pdnssec rectify-zone after zone updates, to provide a button to run pdnssec secure-zone, one to display the output of pdnssec show-zone, one for pdnssec disable-dnssec and maybe one for pdnssec set-nsec3/unset-nsec3. Not all commands provided by pdnssec are actually directly related to DNSSEC, but gradually making all of them available, in addition to the above-mentioned ones, would be good features IMO. Especially managing TSIG keys.

jhass, Jan 15 '15 13:01

@jhass thanks for the info. Next question, what about the situation where this app is not deployed on the DNS servers? Would the command still function fine if pdns is installed on the same server, even if just to provide this command?

In addition, this might be nice to have behind a feature flag for those that don't want DNSSEC...

kennethkalmer, Jan 15 '15 15:01

Probably not, though for remote access, a frontend utilizing the new REST API, which handles all the DNSSEC stuff already, might be better than exposing the DB server to the network anyway.

jhass, Jan 15 '15 15:01
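
Added example, not part of the thread or of the powerdns-on-rails code base: a sketch of how a Rails app could invoke the pdnssec subcommands listed above without passing a user-supplied zone name through a shell, and how it could report a host where the pdnssec binary is not installed. The module name `PdnssecRunner`, its methods and the zone-name rule are assumptions made for this illustration.

```ruby
require "open3"

# Hypothetical helper; names are illustrative, not the project's API.
module PdnssecRunner
  # Subcommands named in the thread that take only a zone argument.
  # set-nsec3 is left out: it accepts extra parameters that would
  # need their own validation.
  ALLOWED = %w[rectify-zone secure-zone show-zone disable-dnssec unset-nsec3].freeze

  # One DNS label: letters, digits, hyphen, underscore, at most 63 chars,
  # never starting or ending with a hyphen (so it cannot look like an option).
  LABEL = /\A[a-z0-9_]([a-z0-9_-]{0,61}[a-z0-9_])?\z/i

  class InvalidRequest < ArgumentError; end

  def self.valid_zone?(zone)
    return false unless zone.is_a?(String) && zone.length.between?(1, 253)
    labels = zone.chomp(".").split(".", -1)
    !labels.empty? && labels.all? { |label| LABEL.match?(label) }
  end

  # Build the argument vector; raises instead of running anything doubtful.
  def self.argv(subcommand, zone, binary: "pdnssec")
    raise InvalidRequest, "subcommand not allowed" unless ALLOWED.include?(subcommand)
    raise InvalidRequest, "invalid zone name" unless valid_zone?(zone)
    [binary, subcommand, zone.chomp(".").downcase]
  end

  # Passing separate arguments to Open3 means no shell parses the zone name.
  def self.run(subcommand, zone, binary: "pdnssec")
    output, status = Open3.capture2e(*argv(subcommand, zone, binary: binary))
    { ok: status.success?, output: output }
  rescue Errno::ENOENT
    # The app is deployed on a host without the PowerDNS tools.
    { ok: false, output: "#{binary} not found on this host" }
  end
end
```

A zone save hook could call `PdnssecRunner.run("rectify-zone", zone_name)` and surface the returned output in the UI.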