[Pdns-users] DNSSEC - What to send to registrar?
Nick Williams
nicholas at nicholaswilliams.net
Fri Mar 6 14:30:17 UTC 2015
I learned the other day that my registrar (Dotster) has no support for DNSSEC in their user interface. At first they told me that they didn't support it at all—but when I pointed out that not supporting DNSSEC is a violation of ICANN's Registrar Accreditation Agreement (RAA) effective January 1, 2014, and threatened to contact ICANN and have their accreditation revoked, they shaped up.
So now I can email their second-level support directly with any DNSSEC records I need updated. It ain't perfect, but it'll do for now.
So, with that out of the way, what do I email them? Do I just execute `pdnssec show-zone` for each zone and send them the following five whole lines from the output?
KSK DNSKEY = nicholaswilliams.net IN DNSKEY <...>
DS = nicholaswilliams.net IN DS <...>
DS = nicholaswilliams.net IN DS <...>
DS = nicholaswilliams.net IN DS <...>
DS = nicholaswilliams.net IN DS <...>
Or do I send them more of the output from show-zone? Or do I send them something else?
Thanks,
Nick
More information about the Pdns-users
mailing list