Configure DNS Public Key Records in Webmin

1 post / 0 new
#1 Tue, 12/11/2018 - 08:31
honesta

Configure DNS Public Key Records in Webmin

I realize this is more of an infrastructure than a technology and functionality question, but if you have the chance please help me out.

One of the reasons I am asking is that when Cloudmin is made to be the DNS zone provider, each Virtualmin domain / server / zone is going to be served from the same DNS and when I do not see these things being recorded I am not sure if 1. I am doing something wrong or 2. Cloudmin / Virtualmin cannot be configured to do it for me. The other reason is I am trying to avoid blacklisting my domains due to hijacking or configuration error.

If I understand RFC2435 correctly:

  • Flag is usually 00, 01, 10, or 11 and the one used for/by dnssec is 10. Is this something Virtualmin is going to set, or may Virtualmin be configured to set it for the TLS / email portion, for each zone?

  • When the Flag is 10 should the the Protocol be 3, and again could Virtualmin set this to 1 or 2 for TLS / email?

  • When the keys are generated with a command "openssl genrsa -out example.com.priv 1024" is the Algorithm be 1?

So in Webmin the Name is going to look something like "1544501116.example._domainkey.example.com."

  • Is this string the "Selector" or only the Unix time part "1544501116" is the Selector?

  • Is this supposed to be updated / maintained every 30 days or so? How, by replacing the Unix time?

  • Is this something DNS admins should do on a regular basis, and not having a recent Selector means an un-maintained zone?

  • in a typical zone configuration, how many different types of of keys are there for a zone? For email, for ssl, for ftp each should have a differently configured key?

Thank you for reading.