Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse

Cloudron Forum
Apps | Demo | Docs | Install

DNSSEC - pros, cons?

Scheduled Pinned Locked Moved Off-topic
4 Posts 3 Posters 382 Views
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • humptydumptyH Offline
    humptydumptyH Offline
    humptydumpty
    wrote on last edited by
    #1

    Has anyone set up DNSSEC before? Is it worth the hassle and what are some cons you've come across?

    My domains are hosted with NameSilo and I'm using DNSMadeEasy to manage my domains that point to a VPS with Contabo.

    In my NameSilo account, I found the area where to add the DNSSEC keys/info and according to my search, it seems I need to get those keys from my VPS host (Contabo). However, I'm not sure if it would work since I use a middleman (DNSME) to manage my DNS.

    A penny for your thoughts!

    1 Reply Last reply
    0
  • mehdiM Offline
    mehdiM Offline
    mehdi App Dev
    wrote on last edited by
    #2

    Don't bother. Basically, it's useless, as clients do not rely on it, sadly 🤷

    humptydumptyH 1 Reply Last reply
    2
  • humptydumptyH Offline
    humptydumptyH Offline
    humptydumpty
    replied to mehdi on last edited by
    #3

    @mehdi That's a shame. Thanks!

    1 Reply Last reply
    0
  • G Offline
    G Offline
    gml
    wrote on last edited by
    #4

    I use it, in combination with DANE for certificate pinning in DNS.
    mehdi is sort of right - clients dont really use it, some mail providers do. But I know of no one that enforces it (by dropping e-mails or traffic).

    I use a browser add on in Firefox that displays me the DNSSEC and DANE status of webpages I'm visiting. With the add on I know at least something is odd when it fails on my own pages / domains.

    1 Reply Last reply
    2

  • Login
  • Don't have an account? Register
  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks