DNSSEC: one KEYSET for all domains hosted

Discussion in 'General' started by lachyn, Dec 8, 2016.

  1. lachyn

    lachyn New Member

    DNSSEC running well for me in 3.1, but I have one question to the implementation. Always when I want to enable DNSSEC on my domain I have to first register KEYSET at my domain registrar, with key-signing key generated for my DNS zone, and than refer it at my domain configuration. Is there some possibility to have only "master" KEYSET for all domains hosted on my DNS server, that I could always refer? E.g. as NSSET ....
  2. Jesse Norell

    Jesse Norell Well-Known Member Staff Member Howtoforge Staff

    It's not supported in ISPConfig. I believe technically you could make that work, though it seems there are easy arguments against it for most cases. A better solution would be to integrate ISPConfig DNS changes with an api at your registrar; I believe opensrs supports that, and I'd imagine a few others would as well.

Share This Page