[dns-operations] any registries require DNSKEY not DS?
Tony Finch
dot at dotat.at
Thu Jan 23 19:45:22 UTC 2020
Thanks for all the interesting replies!
The reason for the question is to do with child-side tools for updating
delegations. RFC 7344 CDS/CDNSKEY records are brilliant for this because
they provide a standard interface between key management / signing
software and registr* API client software: the registr* client can
just [*] look at a zone file to work out what the delegation should be.
And clearly a generic "gimme the secure delegation" function needs to have
both DS and DNSKEY modes.
[*] modulo caveats about glue records
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
the quest for freedom and justice can never end
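
An added example, not part of the original message or of any tool it refers to: a Python version of the generic "secure delegation" function with both DS and DNSKEY modes, reading CDS/CDNSKEY records (RFC 7344) from zone-file text. The function names, the sample zone with its placeholder key, the one-record-per-line input format, and the fallback of deriving a SHA-256 DS from CDNSKEY when no CDS is published are all assumptions of this example.

```python
import base64
import hashlib
import struct

# Constructed sample zone text: the all-zero public key is a placeholder.
SAMPLE_ZONE = "example.org. 3600 IN CDNSKEY 257 3 13 " + "A" * 86 + "==\n"

def name_wire(name):
    """Canonical (lower-case) wire form of an absolute domain name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\0"

def dnskey_rdata(flags, proto, alg, key_b64):
    """DNSKEY RDATA in wire form: flags, protocol, algorithm, public key."""
    return struct.pack("!HBB", int(flags), int(proto), int(alg)) + base64.b64decode(key_b64)

def key_tag(rdata):
    """Key tag as defined in RFC 4034 Appendix B."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def ds_from_dnskey(owner, fields):
    """DS RDATA text (digest type 2, SHA-256) for one CDNSKEY record."""
    rdata = dnskey_rdata(fields[0], fields[1], fields[2], "".join(fields[3:]))
    digest = hashlib.sha256(name_wire(owner) + rdata).hexdigest().upper()
    return f"{key_tag(rdata)} {fields[2]} 2 {digest}"

def secure_delegation(zone_text, mode):
    """Delegation records for a registry that wants 'DS' or 'DNSKEY'."""
    cds, cdnskey = [], []
    # Assumed format: owner, TTL, class, type, rdata on a single line.
    for line in zone_text.splitlines():
        f = line.split(";")[0].split()
        if len(f) < 5 or f[2].upper() != "IN":
            continue
        if f[3].upper() == "CDS":
            cds.append((f[0], f[4:]))
        elif f[3].upper() == "CDNSKEY":
            cdnskey.append((f[0], f[4:]))
    if mode == "DNSKEY":
        return [f"{o} DNSKEY {' '.join(r)}" for o, r in cdnskey]
    if mode == "DS":
        if cds:  # the child published CDS: pass it through unchanged
            return [f"{o} DS {' '.join(r)}" for o, r in cds]
        return [f"{o} DS {ds_from_dnskey(o, r)}" for o, r in cdnskey]
    raise ValueError("mode must be 'DS' or 'DNSKEY'")
```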