How can I use the DNSSEC provided by gandi when acquiring a domain?

Discussion in 'Server Operation' started by Milly, Mar 28, 2022.

  1. Milly

    Milly Member

    I don't know how to use DNSSEC provided by, mainly to validate and improve mail delivery (I don't know if it is really necessary).

    The DNS Zones are with the provider and not on the server with ISPConfig.

    I have been studying the subject for a few days now, but I have little understanding of how to use DNSSEC from gandi net.

    If someone has experience with gandi maybe you can tell me if I just need to activate DNSSEC in gandi or if it is necessary to generate and configure the keys on the server?

    Note: I am not using the mail services provided by gandi I use the ones on my server with ispconfig.

    Thank you very much
  2. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    My understanding of DNSSEC is it does not validate or improve e-mail delivery. DANE might do that, but I'm not sure it is widely used yet or better that getting certificates from Let's Encrypt or other CA.
    It this case I assume you have web interface at Gandi, and there is a choise to turn on DNSSEC. That should be it, Gandi takes care of the signing keys and sending them to upper level domain.
    Milly likes this.
  3. Th0m

    Th0m ISPConfig Developer Staff Member ISPConfig Developer

    Just enabling it should work, if they put the DNSSEC keys in the root zone for the tld.
    Milly likes this.
  4. Milly

    Milly Member

    I have tested before and after activating DNSSEC, I don't really know its usefulness, but at least the mails are arriving to the gmail inbox while it is activated.

    Otherwise all fine.

    Thanks for the answers, best regards.

Share This Page