[Pdns-users] DNSSEC - What to send to registrar?

Nick Williams nicholas at nicholaswilliams.net
Fri Mar 6 14:30:17 UTC 2015


I learned the other day that my registrar (Dotster) has no support for DNSSEC in their user interface. At first they told me that they didn't support it at all—but when I pointed out that not supporting DNSSEC is a violation of ICANN's Registrar Accreditation Agreement (RAA) effective January 1, 2014, and threatened to contact ICANN and have their accreditation revoked, they shaped up.

So now I can email their second-level support directly with any DNSSEC records I need updated. It ain't perfect, but it'll do for now.

So, with that out of the way, what do I email them? Do I just execute `pdnssec show-zone` for each zone and send them the following five whole lines from the output?

KSK DNSKEY = nicholaswilliams.net IN DNSKEY <...>
DS = nicholaswilliams.net IN DS <...>
DS = nicholaswilliams.net IN DS <...>
DS = nicholaswilliams.net IN DS <...>
DS = nicholaswilliams.net IN DS <...>

Or do I send them more of the output from show-zone? Or do I send them something else?

Thanks,

Nick



More information about the Pdns-users mailing list