Migrated all my zones to from coredns to knot. Knot just makes it so much easier to use dnssec.


Never heard of CoreDNS?
But have you tried PowerDNS? DNSSEC with pdns is extremely easy too :)

@selea I've looked at powerdns before but found the docs a bit confusing. Never tried it though.
I mainly decided to go with knot because I don't really use the different storage backends powerdns provides.


Yeah I thought it was confusing at first too, but I later found it really great :)
So I use it for my 3 authorize DNS servers now :)


Do you expose the API to the internet (with some sort of authentication of course)? I have a PoC setup but since I use LE through DNS I noticed that this will become a problem :/

And also do you handle an anycast/latency situation? (I'm in my PoC I simply decided to go for long TTLs but that only solves the second resolution)



I did not expose the API to the internet actually, but I use a software that administrate the zones directly via the database.

The servers I have is not anycasted, I did not find the need for it in my case.


Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!