Hello together,
I need deSEC as a DNS provider with DNSSEC. I have a domain without web hosting that I only use as a mail address with my own domain at a mail provider that also supports DANE. Since my domain provider does not support DNSSEC, I registered with you, entered your NS servers at my domain DNS settings and gave my domain provider the DS/DNSKEYS, who entered/forwarded them accordingly to the registrar. According to the test on https://www.hardenize.com/ dane is now supported.
What is not yet clear to me:
- when does the DS/DNSKEYS change and do I then always have to notify my domain provider of the change? How do I find out about a change?
- do I need an SSL certificate for this use case?
Thank you for your reply in advance and thank you for your commitment.
Fodes