Yes. I sign my zones and have a DNSSEC validating DNS resolver.
I recommend trying https://www.knot-dns.cz/, it automatically takes care of rotating keys and signing, so enabling DNSSEC for your zone is just a matter of enabling automatic signing in it's config file.
@miegl said:
Yes. I sign my zones and have a DNSSEC validating DNS resolver.
I recommend trying https://www.knot-dns.cz/, it automatically takes care of rotating keys and signing, so enabling DNSSEC for your zone is just a matter of enabling automatic signing in it's config file.
I use it on static domains. I don't use it so much on ones with dynamic IP determination (tied to up/down monitors, geo-routed, etc.) because I have not yet assessed the performance impact of on-the-fly signing on our nameservers - that's on the to-do list probably some time in the new year.
Comments
Yes. I sign my zones and have a DNSSEC validating DNS resolver.
I recommend trying https://www.knot-dns.cz/, it automatically takes care of rotating keys and signing, so enabling DNSSEC for your zone is just a matter of enabling automatic signing in it's config file.
thanks for your sharing
I use it on static domains. I don't use it so much on ones with dynamic IP determination (tied to up/down monitors, geo-routed, etc.) because I have not yet assessed the performance impact of on-the-fly signing on our nameservers - that's on the to-do list probably some time in the new year.
No. From what I could figure, especially for my intended use, it's more hassle (potential problems) than it helps.
Relja of House Novović, the First of His Name, King of the Plains, the Breaker of Chains, WirMach Wolves pack member
BikeGremlin's web-hosting reviews
I use it wherever I can, unfortunately, not all registrars support it.
I enabled it on my first domain. So far no issues. Using Cloudflare and Porkbun.