| ▲ | deepsun 4 hours ago |
| How to make it DNSSEC? |
|
| ▲ | gucci-on-fleek 3 hours ago | parent | next [-] |
| With Knot, you can just add ~8 lines to your config [0], copy the records to your registrar, and then you're done. [0]: https://www.knot-dns.cz/docs/3.5/singlehtml/index.html#autom... |
| |
| ▲ | adiabatichottub 3 hours ago | parent [-] |
| Knot does make it quite easy. Also, their devs are very responsive to support questions on their mailing list. It is currently my favored DNS. |
|
|
| ▲ | adiabatichottub 3 hours ago | parent | prev [-] |
| If you don't absolutely have to, then don't. That is to say, if you misconfigure it, or try to turn it off, you will have an invalid domain until the TTL runs out, and it's really just not worth the headache unless you have a real use case. |
| |
| ▲ | deepsun 2 hours ago | parent [-] |
| I consider it as basic a security measure as SSL. Otherwise any MitM can easily redirect users to a phishing resource. Did DNSSEC for company website, worked with zero maintenance for several years. On a cloud-provided DNS. Would want the same on self-hosted DNS too. |
| |
| ▲ | 0x073 an hour ago | parent [-] |
| "Otherwise any MitM can easily redirect users to a phishing resource." Yes, but with today's HTTPS/TLS usage it's almost irrelevant for normal websites. If bad actors can create valid TLS certs they can solve the DNSSEC problem. |
|
|