[dns-operations] any registries require DNSKEY not DS?
Rubens Kuhl
rubensk at nic.br
Wed Jan 22 23:03:17 UTC 2020
Not exactly what you asked, but a registrar example: Openprovider requires registrant to provide the DNSKEY, not DS, to activate and manage DNSSEC.
Rubens
> On 22 Jan 2020, at 19:13, Tony Finch <dot at dotat.at> wrote:
>
> Are there any registries that configure secure delegations from DNSKEY
> records (and do their own conversion to DS records) rather than accepting
> DS records from the registrant? I think I have heard that .de is one.
> Looking at OpenSRS as an example of a registrar that supports lots of
> TLDs, I see that they don't support DNSSEC for .de
> http://opensrs.help/chart and their API only supports DS records
> https://domains.opensrs.guide/docs/set_dnssec_info
>
> Also, I am uncomfortable with the endianness of their support domain names...
>
> Tony.
> --
> f.anthony.n.finch <dot at dotat.at> http://dotat.at/
> responsible stewardship of the earth and its resources
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 529 bytes
Desc: Message signed with OpenPGP
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20200122/be385a1d/attachment.sig>
More information about the dns-operations
mailing list