github peteeckel/netbox-plugin-dns 1.2.7
Feature/Bugfix Release 1.2.7

5 months ago

DNSSEC

This release adds DNSSEC support for NetBox DNS.

NetBox DNS supports the management of DNSSEC inasmuch as DNSSEC Key Templates and DNSSEC Policies can be stored in NetBox DNS and assigned to zones. It does not, however, support zone signing or storing cryptographic material in the NetBox database. There are two main reasons for this design:

  1. Storing cryptographic material in a data source for automation is generally problematic. While there is the NetBox Secrets plugin, it is better practice to store confidential data in vault systems specifically created for this purpose. (In some cases the keys are stored in HSMs as an added method of protection.)
  2. In typical modern scenarios, signing servers maintain keys and sign records, so such configurations do not even require having NetBox DNS provide keys or create the signatures from within NetBox DNS.

Additionally, there is no direct integration between NetBox and any given name server implementation, so an interface for providing signed zones to a name server is generally out of scope for NetBox DNS, just as is the case for serving plain DNS. This should be implemented using specific solutions adapted to the use case and the name server implementation used.

As noted earlier, there are two data models for DNSSEC in NetBox DNS: DNSSEC Key Templates and DNSSEC Policies. The former store parameters for DNSSEC keys such as the type, algorithm and lifetime; the latter define policies that determine how often signatures are regenerated, DS records are propagated, etc.

The implementation is oriented largely towards the options BIND 9 provides. This is mainly because that software has a huge set of configuration options, and other products are usually not very different and in most cases more limited than BIND 9. Given the large installed base of BIND 9, this is considered a good basis. (There is, however, no reason why NetBox DNS cannot be used to maintain data for, say, Knot-DNS or PowerDNS.)
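How automation might consume this data, as an added example that is not part of the release notes or the plugin's code: a renderer that turns a policy with its key templates into a BIND 9 `dnssec-policy` block and rejects input that carries key material. The dict layout, the field names and the algorithm allow-list are assumptions, not the plugin's schema.

```python
import re

# Assumed allow-list of BIND 9 algorithm mnemonics; adjust to local policy.
ALLOWED_ALGORITHMS = {"rsasha256", "rsasha512", "ecdsap256sha256",
                      "ecdsap384sha384", "ed25519", "ed448"}
KEY_TYPES = {"csk", "ksk", "zsk"}
# Strict subset of the ISO 8601 durations BIND 9 accepts, e.g. P90D, PT1H, P1Y.
DURATION = re.compile(r"P(?=.)(\d+Y)?(\d+M)?(\d+W)?(\d+D)?(T(?=.)(\d+H)?(\d+M)?(\d+S)?)?")
# Hypothetical field names that would mean key material leaked into the export.
SECRET_FIELDS = {"private_key", "secret", "key_data"}

def _duration(value, allow_unlimited=False):
    if allow_unlimited and value in (None, "unlimited"):
        return "unlimited"
    if not isinstance(value, str) or not DURATION.fullmatch(value):
        raise ValueError(f"invalid duration: {value!r}")
    return value

def render_dnssec_policy(policy):
    """Render one policy dict (with nested key templates) as BIND 9 config text."""
    name = policy["name"]
    if not re.fullmatch(r"[A-Za-z0-9_.-]+", name):  # keep quotes/braces out of the config
        raise ValueError(f"unsafe policy name: {name!r}")
    lines = [f'dnssec-policy "{name}" {{', "    keys {"]
    for tmpl in policy["key_templates"]:
        leaked = SECRET_FIELDS.intersection(tmpl)
        if leaked:
            raise ValueError(f"key template carries secret material: {sorted(leaked)}")
        ktype, algo = tmpl["type"].lower(), tmpl["algorithm"].lower()
        if ktype not in KEY_TYPES or algo not in ALLOWED_ALGORITHMS:
            raise ValueError(f"unsupported key template: {ktype}/{algo}")
        lifetime = _duration(tmpl.get("lifetime"), allow_unlimited=True)
        lines.append(f"        {ktype} lifetime {lifetime} algorithm {algo};")
    lines.append("    };")
    for option in ("signatures-refresh", "signatures-validity", "parent-propagation-delay"):
        key = option.replace("-", "_")
        if key in policy:
            lines.append(f"    {option} {_duration(policy[key])};")
    lines.append("};")
    return "\n".join(lines)

# Constructed sample input: parameters only, no key material.
SAMPLE_POLICY = {"name": "default-split", "key_templates": [
        {"type": "KSK", "algorithm": "ECDSAP256SHA256", "lifetime": None},
        {"type": "ZSK", "algorithm": "ECDSAP256SHA256", "lifetime": "P90D"},
    ],
    "signatures_refresh": "P5D", "signatures_validity": "P14D",
    "parent_propagation_delay": "PT1H"}
```

The signing server still generates and holds the keys; the rendered block only tells it which kinds of keys to create and when to roll them.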

For a summary of the new functionality, see this blog post by @jpmens.

What's Changed

  • SOA MNAME must be checked in zone forms if zone template is not set by @peteeckel in #589
  • complete fr translation by @jean1 in #592
  • Check whether zone was passed via dict before resolving templates by @peteeckel in #594
  • Add DNSSEC support by @peteeckel in #563
  • Add domain registration expiration date and EPP status fields by @peteeckel in #590
  • Add tests for NetBox DNS objects as custom field targets by @peteeckel in #595
  • Initialise views in urls.py instead of ready() by @peteeckel in #596

Full Changelog: 1.2.6...1.2.7
