[Pdns-users] DNSSEC - What to send to registrar?
Keresztes Péter-Zoltán
zozo at z0z0.tk
Fri Mar 6 14:49:10 UTC 2015
You only need to send them the DS records.
> On Mar 6, 2015, at 4:30 PM, Nick Williams <nicholas at nicholaswilliams.net> wrote:
>
> I learned the other day that my registrar (Dotster) has no support for DNSSEC in their user interface. At first they told me that they didn't support it at all—but when I pointed out that not supporting DNSSEC is a violation of ICANN's Registrar Accreditation Agreement (RAA) effective January 1, 2014, and threatened to contact ICANN and have their accreditation revoked, they shaped up.
>
> So now I can email their second-level support directly with any DNSSEC records I need updated. It ain't perfect, but it'll do for now.
>
> So, with that out of the way, what do I email them? Do I just execute `pdnssec show-zone` for each zone and send them the following five whole lines from the output?
>
> KSK DNSKEY = nicholaswilliams.net IN DNSKEY <...>
> DS = nicholaswilliams.net IN DS <...>
> DS = nicholaswilliams.net IN DS <...>
> DS = nicholaswilliams.net IN DS <...>
> DS = nicholaswilliams.net IN DS <...>
>
> Or do I send them more of the output from show-zone? Or do I send them something else?
>
> Thanks,
>
> Nick
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
More information about the Pdns-users
mailing list