Auto-DNSSEC for CoreDNS

Hey @miekg, what would it take to get CoreDNS to enable DNSSEC automatically, kinda like how Caddy does TLS automatically? It could still be customized with the dnssec directive like Caddy allows customizing TLS with the tls directive. I feel like this would make it more fully congruent with the Caddy ecosystem.

Yes, that will be the plan. A user just enabled DNSSEC and CoreDNS will take care of uploading the DS record to the parent, signing the zone and rolling the keys.

I haven’t got any cycles to spend on this though. Cloud discovery is the current prio, DNSSEC is somewhat later, but yes, I want to be the Caddy of DNSSEC with CoreDNS :slight_smile:


This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.