add support for dnssec

[stalker37]

please add support of dnssec and co.
it's not good run manually pdnssec rectify-zone for all new zones.

[kennethkalmer]

I would love to add this, but I have absolutely no idea of what would be involved. Would you mind providing some information right here in this ticket? Some steps, links to HOWTO's, what kind of changes the UI would need, do we need to store certificates somewhere?

Thanks!

[jhass]

https://doc.powerdns.com/md/authoritative/dnssec/ should be a good starting point.

The main things to do is to run pdnssec rectify-zone after zone updates, to provide a button to run pdnssec secure-zone, one to display the output of pdnssec show-zone, one for pdnssec disable-dnssec and maybe one for pdnssec set-nsec3/unset-nsec3. Not all commands provided by pdnssec are actually directly related to DNSSEC, but gradually making all of them available in addition to the above mentioned ones, would be good features IMO. Especially managing TSIG keys.

[kennethkalmer]

@jhass thanks for the info. Next question, what about the situation where this app is not deployed on the DNS servers? Would the command still function fine if pdns is installed on the same server, even if just to provide this command?

In addition, this might be nice to have behind a feature flag for those that don't want DNSSEC...

[jhass]

Probably not, though for remote access, a frontend utilizing the new REST API, which handles all the DNSSEC stuff already, might be better than exposing the DB server to the network anyway.