Needs 7, but only provides the following.
Yes, this is an overall known issue that not all registrars support everything correctly. The RFC states that they MUST validate algorithm 7, but of course they can violate this and likely other RFCs and there is little that can be done about this specific issue.
Yes, I’m migrating to Namecheap; it’s less expensive to do so beforehand as the domains expire.
In case anyone else has this problem: DS bulk is offered in the records at CF, so pointing the SOA nameservers to another provider may also work.
Still expensive compared to the two registrars I mentioned, but better than GoDaddy, any day.
Which completely defeats the purpose of MiaB acting as your name server.
But hey, there is nothing wrong with using external DNS if you so choose.
In that case, is there a process for running a second redundant server exclusive for bind9? As such, I could easily clone a snapshot and spin another VM, but disable the secondary functionality of email etc…
Please let me know if you have any thoughts on that.
My thought … simply don’t bother with DNSSEC for that domain.
Why, pray tell, would you possibly want to do that? This seriously makes zero sense.
You do realize that MiaB does not use BIND as the authoritative name servers, correct? I told you in another response somewhere that you do not ever edit the zone files. This is in the same vein.
You really have not studied this project enough to understand how things work. I highly recommend that you read through the scripts and get some understanding, rather than just throwing things out there that you think might work to solve some non-problem.
I apologize, I had posted in the wrong thread. I am only referring to adding a secondary custom DNS nameserver in addition to MiaB’s primary. I do not wish to use a third party’s.
Unfortunately, there are two options - use a third party’s Secondary DNS or run your own, on a different VPS.
It is not really difficult to set up a name server that can be used as a secondary. BIND is the gold standard in some ways, but PowerDNS is actually easier to set up for use with MiaB.
You could get a $2/mo VPS with 512 MB RAM from BuyVM and handle this easily (with BIND) if you really do not want to use a third party and wish to be economical.
The DNSSEC issue is also fixed in the development branch of Mail-in-a-Box on GitHub, which now supports algorithms 8 and 13 for all domains (previously it chose between 7 and 8 depending on the TLD).
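An added example, not part of any post in this thread and not Mail-in-a-Box code: it sorts the DS records a name server offers by whether a registrar's form accepts their algorithm and digest type, which is the mismatch discussed above. The DS lines, key tags, digests and the registrar's accepted sets are constructed for illustration; the algorithm numbers and names are the IANA-assigned ones.

```python
# IANA DNSSEC algorithm numbers (subset) and DS digest lengths in hex chars.
ALGORITHMS = {5: "RSASHA1", 7: "RSASHA1-NSEC3-SHA1", 8: "RSASHA256",
              10: "RSASHA512", 13: "ECDSAP256SHA256", 14: "ECDSAP384SHA384",
              15: "ED25519", 16: "ED448"}
DIGEST_HEX_LEN = {1: 40, 2: 64, 4: 96}  # SHA-1, SHA-256, SHA-384


def parse_ds(line):
    """Parse 'owner [ttl] [IN] DS keytag alg digesttype digest' into a dict."""
    fields = line.split()
    i = fields.index("DS")  # ValueError if the line is not a DS record
    key_tag, alg, dtype = (int(f) for f in fields[i + 1:i + 4])
    digest = "".join(fields[i + 4:]).upper()  # digest may be split by spaces
    int(digest, 16)  # ValueError if the digest is not hexadecimal
    if dtype in DIGEST_HEX_LEN and len(digest) != DIGEST_HEX_LEN[dtype]:
        raise ValueError(f"digest length does not match digest type {dtype}")
    return {"owner": fields[0], "key_tag": key_tag, "alg": alg,
            "digest_type": dtype, "digest": digest}


def usable_ds(lines, registrar_algs, registrar_digests=(2,)):
    """Split DS lines into (accepted, rejected-with-reason) for one registrar."""
    accepted, rejected = [], []
    for line in lines:
        rec = parse_ds(line)
        name = ALGORITHMS.get(rec["alg"], "unknown")
        if rec["alg"] not in registrar_algs:
            rejected.append((rec, f"algorithm {rec['alg']} ({name}) not offered"))
        elif rec["digest_type"] not in registrar_digests:
            rejected.append((rec, f"digest type {rec['digest_type']} not offered"))
        else:
            accepted.append(rec)
    return accepted, rejected


# Constructed sample: DS records for example.com with made-up tags and digests.
SAMPLE_DS = [
    "example.com. 3600 IN DS 12345 7 1 " + "AB" * 20,
    "example.com. 3600 IN DS 12345 7 2 " + "AB" * 32,
    "example.com. 3600 IN DS 23456 8 2 " + "CD" * 32,
    "example.com. 3600 IN DS 34567 13 2 " + "EF" * 32,
]

if __name__ == "__main__":
    # Hypothetical registrar whose form lists only algorithms 8 and 13.
    ok, bad = usable_ds(SAMPLE_DS, registrar_algs={8, 13})
    for rec in ok:
        print("submit:", rec["key_tag"], rec["alg"], rec["digest_type"])
    for rec, why in bad:
        print("skip:  ", rec["key_tag"], why)
```

An empty accepted list means the zone has to be signed with a different algorithm, or the delegation moved, before a DS record can be published at that registrar.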