DNSSEC implementation. Anything needed on my USG?

mrwee
mrwee Posts: 40  Freshman Member
First Comment Friend Collector Fifth Anniversary
in Security
Hi,

Working on implementing DNSSEC support, so our mailserver, sitting behind a USG 110 can utilize e.g. DANE, in addition to increasing security around DNS.

I can't seem to find any Zyxel documentation mentioning DNSSEC for the USG series, so perhaps I don't need to do anything on that?

Accepted Solution

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,206  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary
    Answer ✓

    Currently, we don’t support DNSSEC, we will put this idea to our future development evaluation.


    Untitled Image

    Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L

All Replies

  • PeterUK
    PeterUK Posts: 3,316  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary

    I don't think last time I checked DNSSEC is supported yet you can check here.

    https://dnssec.vs.uni-due.de/


  • mrwee
    mrwee Posts: 40  Freshman Member
    First Comment Friend Collector Fifth Anniversary

    derp

    "Yes, your DNS resolver validates DNSSEC signatures"

    Assume that it should work for the mailserver as well then :smiley:
  • PeterUK
    PeterUK Posts: 3,316  Guru Member
    100 Answers 2500 Comments Friend Collector Seventh Anniversary
    Odd I checked here and the USG failed for DNSSEC...maybe you use a DNS by ISP or other? 
  • mrwee
    mrwee Posts: 40  Freshman Member
    First Comment Friend Collector Fifth Anniversary
    My PC uses USG for DNS, which in turn uses my ISP's DNS servers. So I assume they support it. Also our domain is DNSSEC enabled, so incoming traffic is also good to go.

    So right now, it seems to work both ways. Just need to get my head around DANE :)
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,206  Zyxel Employee
    100 Answers 500 Comments Friend Collector Fourth Anniversary
    Answer ✓

    Currently, we don’t support DNSSEC, we will put this idea to our future development evaluation.


    Untitled Image

    Don't miss this great chance to upgrade your Nebula org. for free! https://bit.ly/4g2pS9L

  • mrwee
    mrwee Posts: 40  Freshman Member
    First Comment Friend Collector Fifth Anniversary
    @Zyxel_Jeff Thanks for your reply. It seems like my use-case doesn't require USG to support DNSSEC, but I assume other scenarios would, so it would probably be wise feature to implement.
  • dipen
    dipen Posts: 2
    mrwee said:
    Hi,

    Working on implementing DNSSEC support, so our mailserver, sitting behind a USG 110 can utilize e.g. DANE, in addition to increasing security around DNS.chat alternative

    I can't seem to find any Zyxel documentation mentioning DNSSEC for the USG series, so perhaps I don't need to do anything on that?
    Same trouble is here.
  • dipen
    dipen Posts: 2
    mrwee said:
    Hi,

    Working on implementing DNSSEC support, so our mailserver, sitting behind a USG 110 can utilize e.g. DANE, in addition to increasing security around DNS.chat alternative

    I can't seem to find any Zyxel documentation mentioning DNSSEC for the USG series, so perhaps I don't need to do anything on that?
    The same trouble is here.

Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)