Merge pull request #661 from baltoche/master

Gandi tells me that .be TLD only supports algorithms 8 and 10 for DNSSEC
This commit is contained in:
Joshua Tauberer 2016-01-05 11:10:21 -05:00
commit 5b135738b4

View file

@ -502,11 +502,12 @@ zone:
def dnssec_choose_algo(domain, env):
if '.' in domain and domain.rsplit('.')[-1] in \
("email", "guide", "fund"):
("email", "guide", "fund", "be"):
# At GoDaddy, RSASHA256 is the only algorithm supported
# for .email and .guide.
# A variety of algorithms are supported for .fund. This
# is preferred.
# Gandi tells me that .be does not support RSASHA1-NSEC3-SHA1
return "RSASHA256"
# For any domain we were able to sign before, don't change the algorithm