for .fund domains use RSASHA256 DNSSEC keys

This commit is contained in:
Joshua Tauberer 2014-12-05 11:58:30 -05:00
parent cfe0fa912a
commit be59bcd47d
2 changed files with 10 additions and 2 deletions

View File

@ -511,8 +511,12 @@ zone:
######################################################################## ########################################################################
def dnssec_choose_algo(domain, env): def dnssec_choose_algo(domain, env):
if domain.endswith(".email") or domain.endswith(".guide"): if '.' in domain and domain.rsplit('.')[-1] in \
# At least at GoDaddy, this is the only algorithm supported. ("email", "guide", "fund"):
# At GoDaddy, RSASHA256 is the only algorithm supported
# for .email and .guide.
# A variety of algorithms are supported for .fund. This
# is preferred.
return "RSASHA256" return "RSASHA256"
# For any domain we were able to sign before, don't change the algorithm # For any domain we were able to sign before, don't change the algorithm

View File

@ -52,6 +52,10 @@ mkdir -p "$STORAGE_ROOT/dns/dnssec";
# #
# * .email # * .email
# * .guide # * .guide
#
# Supports `RSASHA256` (and defaulting to this)
#
# * .fund
FIRST=1 #NODOC FIRST=1 #NODOC
for algo in RSASHA1-NSEC3-SHA1 RSASHA256; do for algo in RSASHA1-NSEC3-SHA1 RSASHA256; do