Jump to:navigation, search


Activate DNSSEC

New in Version: 11.8.2 New function !

Activate DNSSEC

DNSSEC can be activated under → Applications →Nameserver / General.

DNSSEC Validation in Resolver: On

Warning: If the DNSSEC check is used in conjunction with forward zones, the domains to the zones must be validable in the global DNS. Replies to domains not registered globally will be rejected. This leads to SERVFAIL being used to answer queries about this domain.

When this function is activated, all DNS entries are resolved with DNSSEC without exception. This would also attempt a validation in the DNS hierarchy for only local addresses. However, due to the lack of uniqueness of the local address, it cannot be registered with higher-level DNS servers. An error message appears, the address is not resolved and the zone is therefore not accessible (using DNS).
This applies, for example, to .local domains!

Weitere Hinweise zur Umsetzung von DNSSEC finden sich in den Handlungsempfehlungen zur Einrichtung und zum Betrieb der Domain Name Security Extensions des BSI.