DNSSEC not supported for TLD .AI , will this be a security hole? Any workarounds?

Hello,
I have a web application served by an nginx ingress and I’ve created A and CNAME records in cloudflare.
I went to setup the DNSSEC in cloudflare and realized that .AI domains are not supported.
Will this be a security issue in regards to DDOS protection and the security that Cloudflare offers?

The engineer on my team says we should try this:
Also, please ask if we can use Cloudflare to expose a Kubernetes app to the Internet · Cloudflare Zero Trust docs|attachment](Use cloudflared to expose a Kubernetes app to the Internet · Cloudflare Zero Trust docs)

Excuse my ignorance, I’m a bit of a Luddite with some of this (asking for my engineer)
Thanks,
Tim

Welcome to the Cloudflare Community. :logodrop:

The registry for ai. claims that they support DNSSEC.

http://whois.ai/eppfaq.html

I am confused by your engineer’s question, as it includes a link to the documentation on how to perform the requested action.

1 Like

They seem to support only the minimum required algorithm 8 (of course Cloudflare requires algorithm 13).

3 Likes

Their admittedly terrible website is light on details as to supported algorithms. I saw mention of only supporting algorithm 8 on a third-party site. The registry mention that they are using Knot DNS, which suggests that they should be able to use the superior algorithm 13. Whether or not they have implemented that requirement, I don’t know.

1 Like

Thank you, apparently it doesn’t support DNSSEC but we really didn’t need it (according to support)

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.