I don't know how to use DNSSEC provided by gandi.net, mainly to validate and improve mail delivery (I don't know if it is really necessary). The DNS Zones are with the provider and not on the server with ISPConfig. I have been studying the subject for a few days now, but I have little understanding of how to use DNSSEC from gandi net. If someone has experience with gandi maybe you can tell me if I just need to activate DNSSEC in gandi or if it is necessary to generate and configure the keys on the server? Note: I am not using the mail services provided by gandi I use the ones on my server with ispconfig. Thank you very much
My understanding of DNSSEC is it does not validate or improve e-mail delivery. DANE might do that, but I'm not sure it is widely used yet or better that getting certificates from Let's Encrypt or other CA. It this case I assume you have web interface at Gandi, and there is a choise to turn on DNSSEC. That should be it, Gandi takes care of the signing keys and sending them to upper level domain.
I have tested before and after activating DNSSEC, I don't really know its usefulness, but at least the mails are arriving to the gmail inbox while it is activated. Otherwise all fine. Thanks for the answers, best regards.
