Cannot import SSHFP data into Route 53 hosted zone, what options are available?

0

I want to put Route 53 Nameservers (taken from hosted zone) into DNS settings at my Domain provider one.com. Mail hosting remains at one.com, so Route 53 will point to one.com for this. I received a file with DNS settings from one.com that I could import in my hosted zone in Route 53. This was straightforward except for 2 entries for SSHFP: Route 53 does not support SSHFP entries. So the first question is, do I need those entries or can I just ignore them? Second question, if I need something, what is the workaround? Any ideas? Thanks

2 Answers
2
Accepted Answer

I haven't seen SSHFP records used widely, but they're used to publish the public SSH keys used as fingerprints to verify that when you're connecting to an SSH host, a man-in-the-middle attack will be exposed by the bad actor not having the private encryption key matching the public fingerprint. That prevents them from impersonating the legitimate SSH/SFTP/etc. server.

If you aren't using SSH to connect to the hosting provider and only using them for email, the SSHFP record shouldn't be needed.

EXPERT
Leo K
answered 2 months ago
EXPERT
reviewed 2 months ago
  • Thanks for the specific answer.
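
Added example (not part of the answers above): how the data in an SSHFP record is derived from an SSH host public key, and how to check that a record exported in a zone file matches a given host key. The function names, the sample key bytes and `host.example.com` are constructed for illustration.

```python
import base64
import hashlib
import struct

# SSHFP algorithm numbers from RFC 4255, RFC 6594 and RFC 7479.
KEY_ALGORITHMS = {"ssh-rsa": 1, "ssh-dss": 2, "ssh-ed25519": 4}
# SSHFP fingerprint types: 1 = SHA-1, 2 = SHA-256.
FP_HASHES = {1: hashlib.sha1, 2: hashlib.sha256}


def sshfp_rdata(pubkey_line, fp_type=2):
    """Return (algorithm, fp_type, hex digest) for one OpenSSH public key line."""
    key_type, b64_blob = pubkey_line.split()[:2]
    blob = base64.b64decode(b64_blob, validate=True)
    # The blob starts with a length-prefixed copy of the key type; reject a mismatch.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode("ascii"):
        raise ValueError("key type does not match key blob")
    algorithm = 3 if key_type.startswith("ecdsa-sha2-") else KEY_ALGORITHMS[key_type]
    # The fingerprint is the hash of the whole decoded key blob.
    return algorithm, fp_type, FP_HASHES[fp_type](blob).hexdigest()


def record_matches_key(record, pubkey_line):
    """True if a zone-file SSHFP record was derived from the given host key."""
    fields = record.split()
    i = fields.index("SSHFP")
    algorithm, fp_type = int(fields[i + 1]), int(fields[i + 2])
    published = "".join(fields[i + 3:]).lower()  # digest may be split by spaces
    if fp_type not in FP_HASHES:
        return False
    want_alg, _, digest = sshfp_rdata(pubkey_line, fp_type)
    return algorithm == want_alg and published == digest


def constructed_ed25519_line(raw_key):
    """Build a public key line from 32 raw bytes (constructed sample, not a real host)."""
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw_key
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " sample@example"


if __name__ == "__main__":
    line = constructed_ed25519_line(bytes(range(32)))
    alg, fpt, digest = sshfp_rdata(line)
    record = f"host.example.com. IN SSHFP {alg} {fpt} {digest}"  # placeholder host name
    print(record)
    print(record_matches_key(record, line))                                   # same key
    print(record_matches_key(record, constructed_ed25519_line(bytes(32))))    # other key
```

An SSH client only consults these records when DNS-based host key verification is enabled (OpenSSH's `VerifyHostKeyDNS` option), and the answer is only trustworthy if the zone is DNSSEC-signed.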

1

Route53 does not support SSHFP records. The record types that are supported by Route53 are documented here: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html

You can always reach out to AWS, through your account team contacts, and ask them about considering this as a feature request.

Then as Leo mentioned, you do not need to add them if you do not want to; they are not widely used.

AWS
EXPERT
answered 2 months ago
