Dnssec support?


#1

I did a search for dnssec on the forum and only thing I found was a very old thread from 2006 that had the keyword in it.

I see that for example NS1.DREAMHOST.COM is using “Served by POWERDNS 2.9.22”

Which I understand does not support dnssec, but the new 3.0 from the release notes does support it.

http://doc.powerdns.com/changelog.html#changelog-auth-3-0

“The largest news in 3.0 is of course the advent of DNSSEC. Not only does PowerDNS now (finally) support DNSSEC, we think that our support of this important protocol is among the easiest to use available. In addition, all important algorithms are supported.”

I understand the release is new, and can not expect dreamhost to upgrade their dns overnight but is there any sort of timeline to when we can see dnssec support for our dreamhost domains?

Also as a side question, is there plans for the dreamhost nameservers to listen on ipv6 anytime soon, I show no AAAA records for ns1, ns3 or ns3.dreamhost.com. Yes I see you can add AAAA records for your domain records hosted by dreamhost namservers but they can not be queried via ipv6 from what I can tell.


#2

We will probably not be upgrading directly to PowerDNS 3.0, as it’s still relatively new, and we’d rather let any bugs be ironed out before we start using it. DNSSEC support may take somewhat longer, as it involves some significant changes to the DNS database schema (and we have a LOT of zones in there).

With regard to IPv6, I believe there are plans in place to add IPv6 transit for one or more of our resolvers in the near future. I’m not sure where they stand, though.


#3

Thanks for the info - yeah I didn’t think it was going to be something done in the next couple of weeks. But knowing that it is at least being thought about would be nice.

So do you think that a 6 month time frame would be possible?

It’s not something I require, but would be a nice to have. If I really wanted could always house my domains dns elsewhere where it is supported. Even godaddy dns supports it :wink:


#4

Hmm.

The whole internet does not seem to want to use dnssec.

Do you have plans to roll this out?

Web…


#5

who is the whole Internet?

Dreamhost is known for using outdated software… What do you expect? You would think they are going to be better at this, but do they ever learn from outages and breaches?


#6

I don’t know about the rest of the internet, but I’ve been patiently waiting for over 2 years now. I’m glad they implemented IPv6 quad A records but I’d like to see IPv6 MS records and DNSSEC.


#7

Ha! 2017 and still no DNSSEC!?

“DreamHost’s nameservers are not compatible with DNSSEC. For this reason, you must host your nameservers at a 3rd party host that supports DNSSEC on their nameservers.”


#10

@realdreams: you keep violating the community guidelines, crossing the line between criticism (allowed) and personal attack (unacceptable). Your account is now silenced.