-
-
Notifications
You must be signed in to change notification settings - Fork 97
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DNSSEC Zone keys are always the same #878
Comments
This is actually expected behavior - turning DNSSEC off and on again intentionally doesn't re-generate the key, since this would force users to update the records with their registrar. There is a separate button to create a new key though. |
I thought so
p.s. I am on authentic theme |
It's at Webmin -> Servers -> BIND DNS Server -> whatever.com -> Setup DNSSEC Key -> Remove Key |
We have 2 options here:
@jcameron What are your thoughts |
Why re-generate the key? It should never be necessary. |
My thoughts
|
I think this is a niche feature for Virtualmin to have. |
Yeah I kind of agree with Ilia here, it's a niche feature and also already available to the |
Update Help textIf this is a niche feature could the help be updated instead of the buttons.
additionalthe actual layout of the options on the page are not correctly sorted anymore ie |
Thanks, I'll take a look at this later. |
background
I am trying to figure out why I have a chain of trust issue on my primary domain
sexample.com
, not my system hostnameserver.example.com
.the issue
I wanted to regenerate my DNS signatures and then upload the new one to my registrar to see if this was the issue so on my
example.com
domain so I did the following;Virtualmin --> DNS Settings --> DNS Options
DNSSEC signature enabled
fromyes
tono
and saved the changedDNSSEC signature enabled
fromno
toues
and saved the changedI expected this to change the private and public keys etc in
DNSSEC zone keys
, but the value were exactly the same afterwardsproposed solution
add a regenerate button with a warning saying that you will need to make changes upstream at your registrar to prevent your domain being flagg as untrusted etc.... or something simimiliar to that
additional
If I manually add an A record eg
ns1.example.com
does this trigger the DNSSEC signatures for it to be created?The text was updated successfully, but these errors were encountered: