Right now dnssec is activated in the external manager zoneedit.com, in which I cannot modify the type of encryption or the length of the key.

And if I am looking to activate inbound and outbound dnssec with my postfix

El 28/03/2021 a las 1:03, Viktor Dukhovni escribió:
On Sat, Mar 27, 2021 at 01:59:56PM +0100, Francesc Peñalvez wrote:

I have a connection of the domestic type, with 7 computers in an
internal network, in which I do not have access to make any changes to
the ip. I use external dns service to manage the bind9 service,
although I have another installed and running locally.

OK, so you have an outsourced public authoritative server for your
DNSSEC signed domain

Both in the external and internal services of bind I have the same
configuration of dmarc and dkim and of course I would like to know, I
am really a novice in system administration, if the external dnssec
configuration that manages the domain, zoneedit, is enough to use
dnssec correctly?

You still have not explained what "use DNSSEC" means.  Your DNS
works.  The RSA ZSK is larger than I'd recommend, but otherwise
no issues.

Are you looking to enable inbound or outbound DANE on your Postfix
server?  What is the concrete Postfix-related goal for which you're
seeking advice?


Attachment: smime.p7s
Description: Firma criptográfica S/MIME

Reply via email to