[dns-operations] What would it take...

Tony Finch dot at dotat.at
Wed Mar 11 20:52:57 UTC 2015

Edward Lewis <edward.lewis at icann.org> wrote:
> Note that my request was not for a means to update the parent but to
> prevent the child from shooting themselves in the foot.  A much less
> involved operation.

In this immediate case the problem was caused by a change of operator for
the zone, and the registrar(s) failed to handle DNSSEC properly as part of
the transfer.

I think this is a simpler situation to deal with than a botched key
rollover, assuming registrars can be persuaded to add the necessary sanity
checks to their processes. This doesn't have to be anything ambitious like
fully secure domain transfers: either stop the transfer or ask the
registrant to make the domain insecure if the nameservers are changed and
the new ones do not have a properly signed zone.

f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Rockall, Malin, Hebrides, Bailey: West backing southeast then veering
southwest, 6 to gale 8 increasing gale 8 to storm 10, occasionally violent
storm 11 later in Rockall and Bailey. Very rough or high, becoming high or
very high except in Malin. Rain or showers. Moderate or poor.

More information about the dns-operations mailing list