These forums are locked and archived, but all topics have been migrated to the new forum. You can search for this topic on the new forum: Search for How to use DNSSEC in BIND? on the new forum.
The DNSSEC feature just showed up for me after today's update. I don't see anything in the wiki about it and looking at http://www.dnssec.net/ doesn't really tell me the impact on my existing sites if I start putting it in, etc.
Can I just generate any key I'd like there? If so, are there any recommendations for best compatibility, and how I could go about testing the installation afterwards (preferably via an external service)
Thanks.
Unfortunately, at the current time DNSSEC isn't really very useful in practice. The reason is that the root zone has not yet been signed, so there is no way for DNS clients to follow a path of trust to ensure that your zones are properly signed.
Once this happens (which is really a political issue), and once registrars start accepting DNSSEC public keys, I will publish Virtualmin docs explaining how to use DNSSEC.
--
Check out the forum guidelines!
Now that the root zone is signed, is there any new information on this issue?
I searched for documentation first, I promise.
G
I would like to resurrect this thread
j2sw.com
I just started using DNSSEC last week with a new install of Virtualmin. You enable it in Virtualmin and add the corresponding "key tag" and "digest" in the registrar's control panel for the corresponding domain.