[dns-operations] How to transfer DS records to parent zone?

Patrik Fältström paf at frobbit.se
Mon Jul 16 04:08:34 UTC 2012

On 16 jul 2012, at 02:28, Paul Wouters wrote:

> On Sun, 15 Jul 2012, Olafur Gudmundsson wrote:
>> With DNSSEC we can start talking about using DNSSEC to authenticate the NS and glue data that flows into registries/parents.
> We are, in Vancouver, next IETF :)
> https://datatracker.ietf.org/doc/draft-wouters-dnsop-secure-update-use-cases/

There are many issues not explained in this document that create problems in the registry/registrar model, for example all issues related to policies in the registry.

I think it is wrong to even bring up subregistrar as that is complicating the picture even more. Take for granted there is a registrar and anyone acting on their behalf is having the role of registrar.

API to registrar from registrant is normally not epp, but special APIs. This because of the different flavors of epp that registries have.

Do not even talk about "no relationship between registrant and registrar"...that is opening a can of worms you do not want to open.


So, suggestion is to have a look at the registry/registrar/registrant business and then write something new. Or, just skip the intention to try to describe how that market is working and dive into the meat of the document directly (and remove what now is very weak and in many cases not complete or even wrong).


More information about the dns-operations mailing list