mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2024-12-22 07:17:05 +00:00
for .fund domains use RSASHA256 DNSSEC keys
This commit is contained in:
parent
cfe0fa912a
commit
be59bcd47d
@ -511,8 +511,12 @@ zone:
|
||||
########################################################################
|
||||
|
||||
def dnssec_choose_algo(domain, env):
|
||||
if domain.endswith(".email") or domain.endswith(".guide"):
|
||||
# At least at GoDaddy, this is the only algorithm supported.
|
||||
if '.' in domain and domain.rsplit('.')[-1] in \
|
||||
("email", "guide", "fund"):
|
||||
# At GoDaddy, RSASHA256 is the only algorithm supported
|
||||
# for .email and .guide.
|
||||
# A variety of algorithms are supported for .fund. This
|
||||
# is preferred.
|
||||
return "RSASHA256"
|
||||
|
||||
# For any domain we were able to sign before, don't change the algorithm
|
||||
|
@ -52,6 +52,10 @@ mkdir -p "$STORAGE_ROOT/dns/dnssec";
|
||||
#
|
||||
# * .email
|
||||
# * .guide
|
||||
#
|
||||
# Supports `RSASHA256` (and defaulting to this)
|
||||
#
|
||||
# * .fund
|
||||
|
||||
FIRST=1 #NODOC
|
||||
for algo in RSASHA1-NSEC3-SHA1 RSASHA256; do
|
||||
|
Loading…
Reference in New Issue
Block a user