DNSSEC implementation. Anything needed on my USG?

mrwee
mrwee Posts: 40
First Comment Friend Collector Fifth Anniversary
 Freshman Member
Hi,

Working on implementing DNSSEC support, so our mailserver, sitting behind a USG 110 can utilize e.g. DANE, in addition to increasing security around DNS.

I can't seem to find any Zyxel documentation mentioning DNSSEC for the USG series, so perhaps I don't need to do anything on that?

Accepted Solution

  • Zyxel_Jeff
    Zyxel_Jeff Posts: 873
    50 Answers 500 Comments Friend Collector Second Anniversary
     Zyxel Employee
    Answer ✓

    Currently, we don’t support DNSSEC, we will put this idea to our future development evaluation.

All Replies

  • PeterUK
    PeterUK Posts: 2,248
    100 Answers 1000 Comments Friend Collector Sixth Anniversary
     Guru Member

    I don't think last time I checked DNSSEC is supported yet you can check here.

    https://dnssec.vs.uni-due.de/


  • mrwee
    mrwee Posts: 40
    First Comment Friend Collector Fifth Anniversary
     Freshman Member

    derp

    "Yes, your DNS resolver validates DNSSEC signatures"

    Assume that it should work for the mailserver as well then :smiley:
  • PeterUK
    PeterUK Posts: 2,248
    100 Answers 1000 Comments Friend Collector Sixth Anniversary
     Guru Member
    Odd I checked here and the USG failed for DNSSEC...maybe you use a DNS by ISP or other? 
  • mrwee
    mrwee Posts: 40
    First Comment Friend Collector Fifth Anniversary
     Freshman Member
    My PC uses USG for DNS, which in turn uses my ISP's DNS servers. So I assume they support it. Also our domain is DNSSEC enabled, so incoming traffic is also good to go.

    So right now, it seems to work both ways. Just need to get my head around DANE :)
  • mrwee
    mrwee Posts: 40
    First Comment Friend Collector Fifth Anniversary
     Freshman Member
    @Zyxel_Jeff Thanks for your reply. It seems like my use-case doesn't require USG to support DNSSEC, but I assume other scenarios would, so it would probably be wise feature to implement.
  • dipen
    dipen Posts: 2
    mrwee said:
    Hi,

    Working on implementing DNSSEC support, so our mailserver, sitting behind a USG 110 can utilize e.g. DANE, in addition to increasing security around DNS.chat alternative

    I can't seem to find any Zyxel documentation mentioning DNSSEC for the USG series, so perhaps I don't need to do anything on that?
    Same trouble is here.
  • dipen
    dipen Posts: 2
    mrwee said:
    Hi,

    Working on implementing DNSSEC support, so our mailserver, sitting behind a USG 110 can utilize e.g. DANE, in addition to increasing security around DNS.chat alternative

    I can't seem to find any Zyxel documentation mentioning DNSSEC for the USG series, so perhaps I don't need to do anything on that?
    The same trouble is here.

Security Highlight