How to sync my BIND9 config (managed via Webmin) and deSEC

Managed DNS Hosting
3

thx for your quick reply.

Indeed I realize now, that I didn’t explain so clear what I want to achieve :expressionless:

My pain points currently: I have issues receiving eMails after lately big companies enforce stricter policies on SPF, DMARC and DKIM and so my server is rejected when sending or receiving emails

Now this is what I experienced so far:

  1. Most of these techniques provide relevant attributes over DNS. They involve providing DNS TXT records to work correctly.
  2. At some point in time I found some recommendation that DNSSEC might increase the chance of getting these working and tried to setup DNSSEC in BIND9 (Webmin supports DNSSEC). Shortly after that found out my own BIND server is only partly authoritative for my own domain. My DNS setup hat a custom setup with 3 DNS Server, 1st is my BIND, the 2 DNS Authoritative ones from my domain / hosting provider.
  3. Asked my hosting provider why is my setup not working and they said, send us your DNSSEC relevant setting and we will setup DNSSEC for your domain
  4. Did not manage to do that until now.
  5. Lately discovered deSEC service and thought why not using something that cool which is already managed by someone

I hoped I might finally get my issues solved with it.

After your reply I understand better now my options:
a. give up the local BIND server and move to deSEC (there is some migration effort, but I really have only a handful services on my server so not much to do)
b. sync of DNS zone data was not something I was really looking for
c. moving my domain to a better domain registrar
d. something else

Even I move to deSEC, I am still dependent on my Hosting/Domain provider, as long as my Domain is also hosted by them (their primary and secondary DNS server are still authoritative).

My previous linked howto for using deSEC with 1blu speak about Delegation, I suppose this uses DNS forwarding. My Hosting / Domain provider is still the authoritative server for my domain, but they just do DNS forwarding then to deSEC after I setup my config there as described in the linked post.

What would you do in my case?