From ebcc81ca2ee5d2d1b139b6f81952e437e7665d8c Mon Sep 17 00:00:00 2001 From: Joshua Tauberer Date: Thu, 10 Jul 2014 08:07:36 -0400 Subject: [PATCH] move DNSSEC stuff around --- guide.html | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/guide.html b/guide.html index ce42280f..5aa55d2c 100644 --- a/guide.html +++ b/guide.html @@ -242,13 +242,6 @@

Don’t worry if you are confused about what this all means. It is complicated — we all get confused at this point.

-

DNSSEC

- -

The domain name system is not very secure. Enabling DNSSEC provides a layer of cryptographic security on top of the domain name system in a similar way to how HTTPS web addresses add a layer of security to the web.

- -

DNSSEC is configured at your domain name registrar as well but you can’t do it until after we set up the box, so we will come back to it below.

- -

Setting Up The Box

Clone our github repo https://github.com/JoshData/mailinabox, cd to the directory, and run setup/start.sh.
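Review bot: Removing the early DNSSEC block also removes the only statement of the ordering constraint, "you can't do it until after we set up the box", and the text relocated to the Configuring DNSSEC section does not restate it. A reader working through the registrar step at this point in the guide no longer learns that a second registrar change (the DS record) comes later. Consider keeping one sentence here that points forward to Configuring DNSSEC, or adding the "only after setup" condition to the relocated paragraph.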

@@ -339,7 +332,11 @@ cd mailinabox

Configuring DNSSEC

-

Optionally, to activate DNSSEC (see above), you'll need to get a DS record from the box. While logged in on the box, run:

+

The domain name system is not very secure. Enabling DNSSEC provides a layer of cryptographic security on top of the domain name system in a similar way to how HTTPS web addresses add a layer of security to the web.

+ +

DNSSEC is optional, but with it your box will advertise that it is secure. Other mail servers that support DNSSEC and DANE will begin encrypting mail to you while it is in transit. Mail-in-a-Box supports this, so email between DNSSEC-enabled Mail-in-a-Boxes are always encrypted in transit.

+ +

DNSSEC is configured at your domain name registrar. To activate DNSSEC, you'll need to get a DS record from the box and then enter that at your registrar. While logged in on the box, run:

sudo bash -c 'curl --user $(</var/lib/mailinabox/api.key): http://localhost:10222/dns/ds'
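Review bot: The added paragraph starting "DNSSEC is optional" overstates what DNSSEC provides. "your box will advertise that it is secure" and "are always encrypted in transit" read as if DNSSEC itself encrypts mail, whereas DNSSEC authenticates DNS answers and the transport encryption depends on the sending server validating DANE records through it. Suggest wording along the lines of "with it, other mail servers that support DNSSEC and DANE can verify your box's DNS records and will require encryption when delivering mail to you", and softening "always" to the case where both sides validate. Also a grammar fix in the same sentence: "email between DNSSEC-enabled Mail-in-a-Boxes are" should be "is". Since "Optionally" was dropped from the final paragraph, the "DNSSEC is optional" sentence is now the only place that says so, so it should stay if the paragraph is reworded.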