DNSSEC?

In this section we will put common questions that we get, so look here first if you have a question.
Post Reply
kivinen
Posts: 13
Joined: Wed Oct 01, 2014 1:08 pm

DNSSEC?

Post by kivinen » Thu Oct 02, 2014 1:08 pm

Does the opi support DNSSEC, i.e. does it verify the dnssec records when resolving host names? I.e. if I configure my mail server smtp.example.com does it verify it using DNSSEC?

Does opi run standalone dns resolver, something like bind or unbound or what?

Also it would be nice to have the op-i.me protected with DNSSEC. It seems .me-top level domain is signed, but op-i.me is not signed. The openproducts.com seems to be partially signed. There is DNSKEY for the openproducts.com, but there is no DS records in the .com delegating the domain securely to the openproducts.com name servers.

See http://dnsviz.net/d/openproducts.com/dnssec/ for current dnssec status of the openproducts.com.

User avatar
tor
Posts: 120
Joined: Thu Aug 14, 2014 3:42 am
Contact:

Post by tor » Sat Oct 04, 2014 6:48 am

Hi kivinen,

DNSSEC is on the roadmap but not yet implemented.

OPI does not run any standalone resolvers (Unbound looked interesting. Unfortunately it has a dep on python 2.7 :( )

/Tor

Post Reply