bisq-network / ops

Bisq ops team code and issues

Enable DNSSEC for all Bisq infrastructure domain names #7

Closed wiz closed 3 years ago

wiz commented 4 years ago
cbeams commented 4 years ago

From https://support.cloudflare.com/hc/en-us/articles/360006660072-Understanding-and-Configuring-DNSSEC-in-Cloudflare-DNS:

To configure DNSSEC, you first enable it in the Cloudflare dashboard and then add a DS record at your domain registrar.

I'll do this for all the domains above that are managed under Cloudflare DNS. I'll then assign @ManfredKarrer to take care of the domain registrar part, as he plays the role of Domain Name Owner (bisq-network/roles#77) and is now the only one with access to make such changes.

devinbileck commented 4 years ago

I have enabled DNSSEC on the bisq.services domain.

cbeams commented 4 years ago

Attn @ManfredKarrer: I have just enabled DNSSEC for the bisq.network domain via Cloudflare DNS. You now need to follow the instructions at https://www.namecheap.com/support/knowledgebase/article.aspx/9722/2232/managing-dnssec-for-domains-pointed-to-custom-dns to register the values below with Namecheap. A screenshot from the Cloudflare interface follows, with each of the individual values pasted below.

image

DS Record

bisq.network. 3600 IN DS 2371 13 2 29A0443DC8173F7C3A57E58645C0E10FDD0E4B757CDB276020D9AFCBE79F52CD

Digest

29A0443DC8173F7C3A57E58645C0E10FDD0E4B757CDB276020D9AFCBE79F52CD

Digest Type

SHA256

Algorithm

13

Public Key

mdsswUyr3DPW132mOi8V9xESWE8jTo0dxCjjnopKl+GqJxpVXckHAeF+KkxLbxILfDLUT0rAK9iUzy1L53eKGQ==

Key Tag

2371

Flags

257 (KSK)
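
An added example, not part of the original thread or Bisq's own tooling: before the values above go into the registrar form, the DS record can be checked offline against the DNSKEY fields by recomputing the key tag (RFC 4034 Appendix B) and the SHA-256 digest (RFC 4509). The function names are illustrative, and the protocol value 3 is an assumption taken from RFC 4034, since the comment does not list it.

```python
import base64
import hashlib
import struct

# Values copied from the comment above. PROTOCOL is not shown there; RFC 4034 fixes it at 3.
OWNER = "bisq.network."
FLAGS, PROTOCOL, ALGORITHM = 257, 3, 13
PUBLIC_KEY_B64 = "mdsswUyr3DPW132mOi8V9xESWE8jTo0dxCjjnopKl+GqJxpVXckHAeF+KkxLbxILfDLUT0rAK9iUzy1L53eKGQ=="
DS_RECORD = "bisq.network. 3600 IN DS 2371 13 2 29A0443DC8173F7C3A57E58645C0E10FDD0E4B757CDB276020D9AFCBE79F52CD"

def dnskey_rdata(flags, protocol, algorithm, public_key_b64):
    """DNSKEY RDATA in wire format: flags(2) | protocol(1) | algorithm(1) | key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(public_key_b64)

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (valid for every algorithm except 1)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def owner_wire(name):
    """Canonical (lower-case) wire form of a fully qualified domain name."""
    labels = name.rstrip(".").lower().split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def ds_digest_sha256(owner, rdata):
    """DS digest type 2: SHA-256 over owner name || DNSKEY RDATA (RFC 4509)."""
    return hashlib.sha256(owner_wire(owner) + rdata).hexdigest().upper()

def check_ds(ds_line, owner, rdata, algorithm):
    """Return the fields of a DS line that disagree with the DNSKEY; empty means consistent."""
    name, _ttl, _cls, rtype, tag, alg, dtype, digest = ds_line.split()
    problems = []
    if rtype != "DS" or name.lower() != owner.lower():
        problems.append("owner/type")
    if int(tag) != key_tag(rdata):
        problems.append("key tag")
    if int(alg) != algorithm:
        problems.append("algorithm")
    if int(dtype) != 2 or digest.upper() != ds_digest_sha256(owner, rdata):
        problems.append("digest")
    return problems

RDATA = dnskey_rdata(FLAGS, PROTOCOL, ALGORITHM, PUBLIC_KEY_B64)
if __name__ == "__main__":
    print(check_ds(DS_RECORD, OWNER, RDATA, ALGORITHM) or "DS matches DNSKEY")
```

A non-empty result names the field that was mistyped or copied from a different zone, which is worth catching before the registrar publishes the DS, because a DS that does not match the zone's DNSKEY makes the domain fail validation for DNSSEC-validating resolvers.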

ManfredKarrer commented 4 years ago

Done.

wiz commented 4 years ago

@ManfredKarrer looks great, just verified it. thank you!

ManfredKarrer commented 4 years ago

Also done now for bisq.io.

alexej996 commented 4 years ago

bisq.community has dnssec enabled now. Sorry for the delay, had to change the domain provider.

Emzy commented 4 years ago

emzy.de has dnssec now.

wiz commented 3 years ago

Since the last 3 explorers are the ones that don't have DNSSEC, closing per https://github.com/bisq-network/bisq/pull/4791

sqrrm commented 3 years ago

Finally enabled dnssec for sqrrm.net, thanks for the reminder.

wiz commented 3 years ago

Okay cool... Well, I checked your checkbox, but your legacy BSQ explorer is still retired :)

sqrrm commented 3 years ago

Yeah, I think I will stop running an explorer. I don't think we need that many and getting mempool up and running, and then keeping it stable, is better left for those of you with more ops experience.

I'll keep running the bitcoin nodes.