[dns-operations] dns-operationsthoughts on DNSSEC

[Wes Hardaker]

Vernon Schryver <vjs at rhyolite.com> writes:

> I've throught of a bigger, painfully obvious reason why "send mail to
> support" is an unacceptable answer from a registrar for DNSSEC.

Are you aware of any registrars that are requiring "send mail" to get
DNSSEC data changed?  All the ones I'm aware of are operating the same
way they do for other data, such as glue/NS: web forms for putting in
the data.  IE, it's most likely the user that is fat-fingering it, not
the registrar.  In fact, a good number of the registar's are actually
checking the submitted data to ensure that the created DS record is
accurate according to the published DNSKEY, which is actually an
improvement over blindly accepting glue/NS records without checking them.
-- 
Wes Hardaker
SPARTA, Inc.