for .fund domains use RSASHA256 DNSSEC keys

Joshua Tauberer 2014-12-05 11:58:30 -05:00
parent cfe0fa912a
commit be59bcd47d
2 changed files with 10 additions and 2 deletions


@ -511,8 +511,12 @@ zone:
########################################################################
def dnssec_choose_algo(domain, env):
if domain.endswith(".email") or domain.endswith(".guide"):
# At least at GoDaddy, this is the only algorithm supported.
if '.' in domain and domain.rsplit('.')[-1] in \
("email", "guide", "fund"):
# At GoDaddy, RSASHA256 is the only algorithm supported
# for .email and .guide.
# A variety of algorithms are supported for .fund. This
# is preferred.
return "RSASHA256"
# For any domain we were able to sign before, don't change the algorithm
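Review bot: The early `return "RSASHA256"` now also covers `.fund`, and it sits ahead of the "For any domain we were able to sign before, don't change the algorithm" step, so a `.fund` zone that was already signed with a different algorithm would presumably be re-keyed on the next update. If a DS record for the old key is still published at the registrar, validating resolvers would treat the zone as bogus until that DS record is replaced. Because RSASHA256 is only a preference for `.fund` (not a registrar constraint as for `.email` and `.guide`), I would keep the forced branch as `if '.' in domain and domain.rsplit('.', 1)[-1] in ("email", "guide"):` and apply the `.fund` preference only after the existing-key check. The rest of dnssec_choose_algo lies outside the hunk, so confirm how that check is implemented before moving the branch.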


@ -52,6 +52,10 @@ mkdir -p "$STORAGE_ROOT/dns/dnssec";
#
# * .email
# * .guide
#
# Supports `RSASHA256` (and defaulting to this)
#
# * .fund
FIRST=1 #NODOC
for algo in RSASHA1-NSEC3-SHA1 RSASHA256; do