You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2015-02-26 13:43:07
- TcShadowWalker
- Member
- Registered: 2013-06-04
- Posts: 6
Dnssec for archlinux.org
Hello,
Are there plans for archlinux.org to use DNSSEC for the domain?
Many relevant Linux distribution communities are signing their domain records with DNSSEC by now.
Debian, Fedora, Gentoo and many other open-source projects, like FreeBSD.
Debian.org and freebsd.org are the most progressive here, also using TLSA records on top of Dnssec.
It's unfortunate that kernel.org is still missing from the list,
but seeing Arch there would be a step in the right direction. 
I couldn't find anything related using the search function.
Offline
#2 2015-02-26 14:29:35
- Allan
- Pacman
- From: Brisbane, AU
- Registered: 2007-06-09
- Posts: 11,385
- Website
Offline
#3 2015-02-26 20:24:07
- smirky
- Member
- From: Bulgaria
- Registered: 2013-02-23
- Posts: 277
- Website
Re: Dnssec for archlinux.org
I just found out about this and started trying to integrate it with my DNS. Man, this is a huge pain in the ass 
I can't seem to configure it properly...
Personal spot :: https://www.smirky.net/ :: Try not to get lost!
Offline
#4 2015-03-01 04:06:27
- TcShadowWalker
- Member
- Registered: 2013-06-04
- Posts: 6
Re: Dnssec for archlinux.org
I just found out about this and started trying to integrate it with my DNS. Man, this is a huge pain in the ass
It's actually not that difficult.
There are many blog-posts explaining the setup.
What seems to be the trouble? Dnssec itself, or DANE?
The only pain on the ass, in my opinion, is that many hosting/domain providers still don't offer support for storing your DS records.
I was previously using namedcheap, who have been "adding DNSSEC support in the near future"... for the last three years. And it's still not there.
Luckily, there are other domain registrars that are able to stick a simple DS records in their zonefile.
Offline
#5 2015-03-01 09:21:19
- smirky
- Member
- From: Bulgaria
- Registered: 2013-02-23
- Posts: 277
- Website
Re: Dnssec for archlinux.org
smirky wrote:I just found out about this and started trying to integrate it with my DNS. Man, this is a huge pain in the ass
It's actually not that difficult.
There are many blog-posts explaining the setup.
What seems to be the trouble? Dnssec itself, or DANE?The only pain on the ass, in my opinion, is that many hosting/domain providers still don't offer support for storing your DS records.
I was previously using namedcheap, who have been "adding DNSSEC support in the near future"... for the last three years. And it's still not there.
Luckily, there are other domain registrars that are able to stick a simple DS records in their zonefile.
I managed to get it done 2 days ago. Turns out that my DS record isn't handled by me at all, but rather my domain provider as you said above. It's all working now 
Too bad the wiki isn't filled with the information I had to go through, but I'm wondering if I should have the honor to edit it...
Personal spot :: https://www.smirky.net/ :: Try not to get lost!
Offline
Pages: 1