DNSsec

You are currently viewing the v2 legacy branch documentation.


Configuration options
Auto rectify

Whether or not you use DNSsec on your zone, the zone needs to be rectified when it is created in order to function. With the Auto rectify option, the zone is always rectified when it is created on the nameserver for a new order.

Auto enable DNSsec

If you want DNSsec to be enabled automatically on new orders, check this option. Default security options are applied so that DNSsec zone protection starts right away.

Set NSEC3

If you do not want to use the default NSEC, check this option to convert new zones to NSEC3 automatically.

Show key to client

You can choose whether to show the DNSsec token and key to your clients.


Zone Management actions
Rectify Zone

If a zone needs to be rectified manually, you can do so with this function.

Check Status

In order to check the actual DNSsec status of a zone you can use this function.

Set NSEC3

If you need to set NSEC3 manually, you can use this function.

Reset Security

To remove all current zone keys and pre-signed settings and reset them to the default, use this function. Current keys will be renewed.

Reset Keys

If you want to reset the locally stored keys, you can do so with this function. Unlike the ‘Reset Security’ function, this function only reloads the keys and does not renew them.


Security
SSH

SoluteDNS uses an SSH account to log in to the PowerDNS server. We strongly recommend taking extra security measures to protect your nameserver. Never use the root user for SoluteDNS; instead, create a new user specifically for SoluteDNS. We also recommend limiting access to this account by IP address. SoluteDNS only needs access to the PowerDNS service and does not require any other functionality of services or the operating system.
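
One way to check an sshd_config against the recommendations above, as an added example that is not SoluteDNS's own code. The account name solutedns, the address 203.0.113.10 (standing in for the WHMCS server) and both sample configurations are assumptions constructed for illustration.

```python
# Added example: audit sshd_config text for a dedicated, address-pinned account.
# Account name, address and both sample configs are constructed assumptions.

def parse_sshd(text):
    """Return (global directives, Match blocks); keywords are lower-cased."""
    glob, blocks, current = [], {}, None
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if not parts:
            continue
        key, value = parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""
        if key == "match":          # everything after a Match line belongs to it
            current = blocks.setdefault(value.lower(), [])
        elif current is None:
            glob.append((key, value))
        else:
            current.append((key, value))
    return glob, blocks

def audit(text, account="solutedns"):
    """List the ways the config falls short of the recommendations."""
    glob, blocks = parse_sshd(text)
    findings = []
    if account == "root":
        findings.append("SoluteDNS must not log in as root")
    # AllowUsers patterns are USER or USER@HOST; only USER@HOST pins an address.
    allow = [p for k, v in glob if k == "allowusers" for p in v.split()]
    mine = [p for p in allow if p.split("@", 1)[0] == account]
    if not mine:
        findings.append(f"no AllowUsers entry restricts {account}")
    elif any("@" not in p or p.endswith("@*") for p in mine):
        findings.append(f"{account} may log in from any address")
    # The account needs no forwarding; both options default to yes in OpenSSH.
    block = dict(blocks.get(f"user {account}", []))
    for key in ("allowtcpforwarding", "allowagentforwarding"):
        if block.get(key, "").lower() != "no":
            findings.append(f"{key} is not set to no for {account}")
    return findings

WEAK = "AllowUsers root solutedns\n"
HARDENED = """\
AllowUsers admin solutedns@203.0.113.10
Match User solutedns
    AllowTcpForwarding no
    AllowAgentForwarding no
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(cfg) or "OK")
```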


Automated rectification

When something changes in a zone, DNSsec requires the zone to be rectified. SoluteDNS can do this automatically by adding every changed zone to a rectification queue. This queue is processed by a custom cron job. Depending on your needs, you can run this cron job as often as you want.

To get this running, set up a cron job for the file:

/modules/addons/solutedns/cron/rectify.cron.php

In the System tab of SoluteDNS you can find the last time the cron job was active and running. The displayed time only updates when the cron job was active and working: if it was called but no zones required updating, the last cron run time does not update. The System tab also shows how many domains are in the queue for rectification.