DNSSEC implementation. Anything needed on my USG?

Options
mrwee
mrwee Posts: 40  Freshman Member
First Anniversary 10 Comments Friend Collector
Hi,

Working on implementing DNSSEC support, so our mailserver, sitting behind a USG 110 can utilize e.g. DANE, in addition to increasing security around DNS.

I can't seem to find any Zyxel documentation mentioning DNSSEC for the USG series, so perhaps I don't need to do anything on that?

Accepted Solution

All Replies

  • PeterUK
    PeterUK Posts: 2,994  Guru Member
    Community MVP First Anniversary 10 Comments Friend Collector
    Options

    I don't think last time I checked DNSSEC is supported yet you can check here.

    https://dnssec.vs.uni-due.de/


  • mrwee
    mrwee Posts: 40  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options

    derp

    "Yes, your DNS resolver validates DNSSEC signatures"

    Assume that it should work for the mailserver as well then :smiley:
  • PeterUK
    PeterUK Posts: 2,994  Guru Member
    Community MVP First Anniversary 10 Comments Friend Collector
    Options
    Odd I checked here and the USG failed for DNSSEC...maybe you use a DNS by ISP or other? 
  • mrwee
    mrwee Posts: 40  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options
    My PC uses USG for DNS, which in turn uses my ISP's DNS servers. So I assume they support it. Also our domain is DNSSEC enabled, so incoming traffic is also good to go.

    So right now, it seems to work both ways. Just need to get my head around DANE :)
  • Zyxel_Jeff
    Zyxel_Jeff Posts: 1,131  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Answer ✓
    Options

    Currently, we don’t support DNSSEC, we will put this idea to our future development evaluation.

  • mrwee
    mrwee Posts: 40  Freshman Member
    First Anniversary 10 Comments Friend Collector
    Options
    @Zyxel_Jeff Thanks for your reply. It seems like my use-case doesn't require USG to support DNSSEC, but I assume other scenarios would, so it would probably be wise feature to implement.
  • dipen
    dipen Posts: 2
    Options
    mrwee said:
    Hi,

    Working on implementing DNSSEC support, so our mailserver, sitting behind a USG 110 can utilize e.g. DANE, in addition to increasing security around DNS.chat alternative

    I can't seem to find any Zyxel documentation mentioning DNSSEC for the USG series, so perhaps I don't need to do anything on that?
    Same trouble is here.
  • dipen
    dipen Posts: 2
    Options
    mrwee said:
    Hi,

    Working on implementing DNSSEC support, so our mailserver, sitting behind a USG 110 can utilize e.g. DANE, in addition to increasing security around DNS.chat alternative

    I can't seem to find any Zyxel documentation mentioning DNSSEC for the USG series, so perhaps I don't need to do anything on that?
    The same trouble is here.

Security Highlight