BIND operating in Parental Agent role (according to RFC 7344)?
Nick Tait
nick at tait.net.nz
Wed Apr 12 03:38:42 UTC 2023
Hi list.
I'm currently running a few DNSSEC zones in BIND using dnssec-policy
option, albeit with an unlimited lifetime on the KSK, so that I can
control KSK roll-overs (which is necessary because my Registrar doesn't
support RFC 7344)...
Anyway I know that BIND supports RFC 7344 via parental-agents option
when BIND is operating in the 'Child' role; but my question is whether
BIND currently supports (or if there are any plans for BIND to support)
RFC 7344 with BIND operating in the 'Parental Agent' (and 'Parent')
capacity.
In other words, can BIND be configured to poll a child zone for
CDS/CDNSKEY records, and automatically add corresponding DS records into
a zone that it controls?
If this isn't on the radar already, I'll be happy to submit an
enhancement request?
Thanks,
Nick.
More information about the bind-users
mailing list