🌐 Website Issue | DNSSEC support? #731

Closed
opened 2019-01-21 09:53:08 +00:00 by Mikaela · 8 comments
Mikaela commented 2019-01-21 09:53:08 +00:00 (Migrated from github.com)

## Description

Why isn't DNSSEC enabled on privacytools.io?

* [Understanding and configuring DNSSEC in Cloudflare DNS](https://support.cloudflare.com/hc/en-us/articles/360006660072-Understanding-and-Configuring-DNSSEC-in-Cloudflare-DNS)
* [DNSSEC Analyzer - privacytools.io](https://dnssec-debugger.verisignlabs.com/privacytools.io)
ghost commented 2019-01-21 14:37:59 +00:00 (Migrated from github.com)

@privacytoolsIO
matsest commented 2019-02-14 11:57:11 +00:00 (Migrated from github.com)

Sites hosted on GitHub Pages do not support DNSSEC (yet). I received this in November after asking them directly:

> We really appreciate feedback on how we can make GitHub even better, and I can definitely understand the value of DNSSEC for GitHub Pages.
>
> I can't make any promises as to if or when this might be implemented, but I have added your feedback to our feature request list, and will share it with the team for consideration.
Mikaela commented 2019-02-14 15:40:57 +00:00 (Migrated from github.com)

Privacytools.io is using Cloudflare for DNS and as a reverse proxy, so GitHub Pages not supporting DNSSEC doesn't prevent it. I think there are many pages with a similar setup without issues, for example [mine (DNSSEC Analyzer link)](https://dnssec-debugger.verisignlabs.com/mikaela.info), which until recently had a similar setup; currently I am only using Cloudflare for www.

Of course GitHub Pages not supporting DNSSEC would leave Cloudflare's DNS servers vulnerable to cache poisoning while flattening the CNAME, but I don't think that is too different from the case with Cloudflare as reverse proxy, as we cannot know what SSL options privacytools.io is using: is GitHub Pages contacted over http, https (invalid certificate accepted) or https (valid certificate required)?
matsest commented 2019-02-14 16:22:22 +00:00 (Migrated from github.com)

@Mikaela Oh, I did not know about the setup with using it as a reverse proxy and I'm somewhat confused over GitHub's support pages regarding this, resulting in my correspondence with them.

From my experience with GitHub using the "[regular](https://help.github.com/articles/setting-up-an-apex-domain-and-www-subdomain/)" setup for DNS with an apex and subdomain with the CNAME, my site [fails in DNSSEC validation](https://dnssec-debugger.verisignlabs.com/www.mxe.no) when it gets to the github.io in the io zone. I see that this is a somewhat different case than for privacytools, so perhaps this could be easily resolved :)

Edit: I changed my setup to using apex domain and A records at my registrar instead of using www and CNAME and now it works with DNSSEC as intended. Thanks for the clarifying comments! Then this site should be able to activate it too.. ;)
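An added example, not part of the thread: a small offline model of how a validating resolver classifies the two setups compared in the comment above (a `www` CNAME into a hosting zone versus an apex A record). All zone names, records and DS/signing flags are constructed for illustration and do not describe real DNS state.

```python
# Constructed data. ZONES: zone apex -> (DS present in parent, zone serves RRSIGs)
ZONES = {
    "": (True, True),                    # root, covered by the trust anchor
    "example": (True, True),             # signed TLD
    "site.example": (True, True),        # signed customer zone
    "hosting.example": (False, False),   # unsigned hosting zone, no DS
    "broken.example": (True, False),     # DS published but zone not signed
}
RECORDS = {
    "site.example": ("A", "192.0.2.10"),
    "www.site.example": ("CNAME", "user.hosting.example"),
    "user.hosting.example": ("A", "192.0.2.20"),
    "old.site.example": ("CNAME", "host.broken.example"),
    "host.broken.example": ("A", "192.0.2.30"),
}
RANK = {"secure": 0, "insecure": 1, "bogus": 2}

def zone_of(name):
    """Longest zone apex in ZONES that is a suffix of name."""
    labels = name.split(".")
    for i in range(len(labels)):
        cand = ".".join(labels[i:])
        if cand in ZONES:
            return cand
    return ""

def zone_status(zone):
    """Walk the delegation chain from the root down to `zone`."""
    labels = zone.split(".") if zone else []
    for i in range(len(labels), -1, -1):
        # A suffix that is not a zone cut lives inside its parent: nothing to check.
        has_ds, signed = ZONES.get(".".join(labels[i:]), (True, True))
        if not has_ds:
            return "insecure"   # no DS: everything below is unsigned
        if not signed:
            return "bogus"      # DS promises signatures that are missing
    return "secure"

def resolve(name, max_hops=8):
    """Follow CNAMEs; return (address, per-link statuses, overall, AD bit)."""
    links = []
    for _ in range(max_hops):
        rtype, value = RECORDS[name]
        links.append((name, rtype, zone_status(zone_of(name))))
        if rtype != "CNAME":
            overall = max((s for _, _, s in links), key=RANK.get)
            # AD is set only when every RRset in the answer is secure.
            return value, links, overall, overall == "secure"
        name = value
    raise RuntimeError("CNAME chain too long")
```

The CNAME record itself validates in the signed zone, but the answer as a whole is only as strong as its weakest link; a real validating resolver would additionally return SERVFAIL for the bogus case.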
Mikaela commented 2019-02-14 19:07:41 +00:00 (Migrated from github.com)

I don't know what your original message to GitHub support was, but from their response I think they were talking about GitHub Pages without custom domain, `<username>.github.io`, but that should fix your issue.

(Sorry if I am not making much sense, I am multitasking.)
privacytoolsIO commented 2019-03-30 10:46:22 +00:00 (Migrated from github.com)

<img width="491" alt="DNSSEC" src="https://user-images.githubusercontent.com/11730911/55275101-15b6c500-531c-11e9-8c8a-604f85ea6ff3.png">

Is this correct now? Thanks for your help, guys.
Mikaela commented 2019-03-30 23:15:12 +00:00 (Migrated from github.com)

Thank you 💜
Mikaela commented 2019-03-30 23:20:39 +00:00 (Migrated from github.com)

However this may have slowed migrating out of Cloudflare, unless you can find more information on DNS transitioning DNSSEC-signed domains than I did. See https://github.com/privacytoolsIO/privacytools.io/issues/374#issuecomment-476564807 for my experience on Cloudflare -> Gandi.net
Reference: privacyguides/privacytools.io#731