[GH-ISSUE #370] DNSSEC #210

Open
opened 2026-03-13 16:09:42 +03:00 by kerem · 3 comments

Originally created by @jottekop on GitHub (Dec 19, 2024).
Original GitHub issue: https://github.com/acme-dns/acme-dns/issues/370

Is acme-dns ever going to support DNSSEC, or the possibility to sign via a secondary signing server or something of the like, so that we can create more secure records via the API? This will greatly help the effort to make the internet more secure 😄


@jderuiter commented on GitHub (Feb 18, 2025):

I was also looking for DNSSEC support and ended up using CoreDNS for this. It has a plugin to add DNSSEC signatures on the fly (https://coredns.io/plugins/dnssec/). Maybe this also works for you. For an acme-dns server listening on localhost port 5353, you could use something like the following config:

```
example.org {
    bind  <public interface>

    dnssec {
        key file <path to keyfile>
    }
    forward . 127.0.0.1:5353
}
```
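
A structural check that answers served through a signing front like the CoreDNS setup above actually carry signatures (an added example, not part of the original comment and not acme-dns or CoreDNS code): it parses answer-section text as printed by `dig +dnssec` and reports TXT records that have no time-valid RRSIG from the zone. The sample records, the name `abc123.example.org.`, the key tag and the function name are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample answer sections in `dig +dnssec` presentation format.
# The owner name, key tag (12345) and signature bytes are made up.
SIGNED = (
    'abc123.example.org. 1 IN TXT "constructed-acme-challenge-token"\n'
    "abc123.example.org. 1 IN RRSIG TXT 13 3 1 20250226120000 "
    "20250218090000 12345 example.org. Y29uc3RydWN0ZWQgc2lnbmF0dXJl\n"
)
UNSIGNED = 'abc123.example.org. 1 IN TXT "constructed-acme-challenge-token"\n'


def _ts(field):
    # RRSIG inception/expiration are printed as YYYYMMDDHHMMSS in UTC.
    return datetime.strptime(field, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def unsigned_txt_problems(answer, zone, now):
    """Return one message per TXT owner lacking a usable RRSIG (empty = OK).

    Structural check only: it does not verify the signature cryptographically.
    """
    zone = zone.lower().rstrip(".") + "."
    txt_owners, sigs = set(), {}
    for line in answer.splitlines():
        f = line.split()
        if line.startswith(";") or len(f) < 5:
            continue
        owner, rtype = f[0].lower(), f[3]
        if rtype == "TXT":
            txt_owners.add(owner)
        elif rtype == "RRSIG" and len(f) >= 13 and f[4] == "TXT":
            # f[8] = expiration, f[9] = inception, f[11] = signer name
            sigs.setdefault(owner, []).append((_ts(f[9]), _ts(f[8]), f[11].lower()))
    problems = []
    for owner in sorted(txt_owners):
        covering = sigs.get(owner, [])
        if not covering:
            problems.append(f"{owner} TXT has no RRSIG")
        elif not any(signer == zone for _, _, signer in covering):
            problems.append(f"{owner} RRSIG signer is not {zone}")
        elif not any(i <= now <= e and s == zone for i, e, s in covering):
            problems.append(f"{owner} RRSIG not valid at {now:%Y-%m-%d}")
    return problems


if __name__ == "__main__":
    now = datetime(2025, 2, 20, tzinfo=timezone.utc)  # fixed so the sample stays valid
    print(unsigned_txt_problems(SIGNED, "example.org", now))
    print(unsigned_txt_problems(UNSIGNED, "example.org", now))
```

An empty result only shows that signatures are present and inside their validity window; confirming that they verify against the zone's published keys still requires a validating resolver.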

@pderuiter commented on GitHub (Apr 11, 2025):

> CoreDNS

Nice @jderuiter, very simple and elegant solution to solve the lack of DNSSEC support in ACME-DNS. Implementing it now myself. Works like a charm.

Thanks,
Patrick de Ruiter


@Al2Klimov commented on GitHub (Dec 26, 2025):

How did you guys get CoreDNS working without #264?
