Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DNSSEC #370

Open
jottekop opened this issue Dec 19, 2024 · 1 comment
Open

DNSSEC #370

jottekop opened this issue Dec 19, 2024 · 1 comment

Comments

@jottekop
Copy link

Is the acme-dns ever going support DNSSEC or possibility to sign via secondary signing server or something the like so that we create more secure records via the API? This will greatly help the effort to make the internet more secure 😄
@jderuiter
Copy link

I was also looking for DNSSEC support and ended up using CoreDNS for this. It has a plugin to add DNSSEC signature on-the-fly (https://coredns.io/plugins/dnssec/). Maybe this also works for you. For a acme-dns server listening on localhost port 5353, you could use something like the following config:

example.org {
    bind  <public interface>

    dnssec {
        key file <path to keyfile>
    }
    forward . 127.0.0.1:5353
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jottekop @jderuiter