Registrar that supports self-run domains and provides DNSSEC support
Warren Kumari
warren at kumari.net
Wed Feb 20 13:54:00 UTC 2013
On Feb 20, 2013, at 1:14 AM, Chuck Peters <cp at axs.org> wrote:
> Robert Moskowitz said:
>> Delving further into my challenges.
>>
>> But they don't seem to support DNSSEC protected domains, and even
>> IPv6 glue records are special requests, it seems.
>
> I would like to know how can I handle DNSSEC key rollovers without
> manually entering keys into one of those annoying web interfaces. What
> methods do various registrars support? Is it possible to submit the KSK
> directly to the root authority? Does some standard RFC cover how
> registrars are supposed to support key rollovers?
Shameless plug: http://tools.ietf.org/html/draft-kumari-ogud-dnsop-cds-00
This draft describes a method to allow easy rollover -- basically you sign the new DS record with you currently enrolled key and publish it in your zone. Your registrar (or registry / parent, depending on where your zone is) scrapes it periodically and publishes it for you.
This draft is new, but based upon earlier work -- draft-barwood-dnsop-ds-publish-02
If you think that this is helpful, let someone know….
W
>
>
> Thanks,
> Chuck
>
>
>
>
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
--
Some people are like Slinkies......Not really good for anything but they still bring a smile to your face when you push them down the stairs.
More information about the bind-users
mailing list