Univention Bugzilla – Bug 43293
Support for DNSSEC
Last modified: 2023-05-23 16:32:55 CEST
+++ This bug was initially created as a clone of Bug #18262 +++ In der gestrigen Schulung wurde nach Support für DNSSEC in univention-bind gefragt. Das sollten wir langfristig auch unterstützen.
partner asked in the forums if the status changed (see linked ticket#)
This is now requested again by a customer
/etc/bind/named.conf.proxy: options { dnssec-enable yes; } We neither have a UCRV to set this nor a generic mechanism to set arbitrary UCRVs.
*** Bug 49572 has been marked as a duplicate of this bug. ***
As DNSSEC is becomming more and more important (see graphs for .ch here: https://www.nic.ch/de/statistics/dnssec/) and gets widely implemented (DENIC since 2010) it is an improvement to our product. Further more, NOT offering DNSSEC in will be a disadvantage for us in relation to competitors.
(In reply to Christian Völker from comment #6) > As DNSSEC is becomming more and more important (see graphs for .ch here: > https://www.nic.ch/de/statistics/dnssec/) and gets widely implemented (DENIC > since 2010) it is an improvement to our product. > > Further more, NOT offering DNSSEC in will be a disadvantage for us in > relation to competitors. You are right but it is still a feature request.
Art. 32 GDPR/DSGVO requires state of the art technology for the security of data processing. DNSSEC validation standards and necessary software are available for ten years now. The additional processing power for DNSSEC validation is insignificant. I suggest to enable /etc/bind/named.conf.proxy: options { dnssec-enable yes; } by default.
https://www.digitalocean.com/community/tutorials/how-to-setup-dnssec-on-an-authoritative-bind-dns-server--2
Another customer (SKB) inquired about DNSSEC support today.