diff --git a/guide.html b/guide.html index ce42280f..5aa55d2c 100644 --- a/guide.html +++ b/guide.html @@ -242,13 +242,6 @@
Don’t worry if you are confused about what this all means. It is complicated — we all get confused at this point.
-The domain name system is not very secure. Enabling DNSSEC provides a layer of cryptographic security on top of the domain name system in a similar way to how HTTPS web addresses add a layer of security to the web.
- -DNSSEC is configured at your domain name registrar as well but you can’t do it until after we set up the box, so we will come back to it below.
- -Clone our github repo https://github.com/JoshData/mailinabox, cd to the directory, and run setup/start.sh
.
Optionally, to activate DNSSEC (see above), you'll need to get a DS record from the box. While logged in on the box, run:
+The domain name system is not very secure. Enabling DNSSEC provides a layer of cryptographic security on top of the domain name system in a similar way to how HTTPS web addresses add a layer of security to the web.
+ +DNSSEC is optional, but with it your box will advertise that it is secure. Other mail servers that support DNSSEC and DANE will begin encrypting mail to you while it is in transit. Mail-in-a-Box supports this, so email between DNSSEC-enabled Mail-in-a-Boxes are always encrypted in transit.
+ +DNSSEC is configured at your domain name registrar. To activate DNSSEC, you'll need to get a DS record from the box and then enter that at your registrar. While logged in on the box, run:
sudo bash -c 'curl --user $(</var/lib/mailinabox/api.key): http://localhost:10222/dns/ds'
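Review bot: In the added paragraph that starts "DNSSEC is optional", the phrase "your box will advertise that it is secure" overstates what DNSSEC does and does not tell the reader what changes. DNSSEC signs the zone's DNS records; the encryption in the next sentence comes from sending servers that validate those signed records via DANE. Suggest wording such as "with it, other mail servers can verify your box's DNS records", and keep the DANE sentence as the consequence. In the same paragraph, "email between DNSSEC-enabled Mail-in-a-Boxes are always encrypted" should read "is always encrypted". The "always" also holds only once the DS record has been entered at the registrar, which the following paragraph describes as a separate manual step, so consider qualifying it ("once DNSSEC is activated on both boxes"). The paragraph that follows tells the reader to enter the DS record at the registrar but gives no way to confirm that it took effect; a one-line pointer to where the box reports DNSSEC status would close that gap, if such a check exists.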