[dns-operations] any registries require DNSKEY not DS?

Maarten Bosteels maarten.lists at bosteels.eu
Thu Jan 23 23:03:21 UTC 2020


On Thu, Jan 23, 2020 at 11:51 PM Maarten Bosteels <maarten at bosteels.eu>
wrote:

>
>
> On Wed, Jan 22, 2020 at 11:51 PM Patrick Mevzek <mevzek at uniregistry.com>
> wrote:
>
>> On 22/01/2020 17:13, Tony Finch wrote:
>> > Are there any registries that configure secure delegations from DNSKEY
>> > records (and do their own conversion to DS records) rather than
>> accepting
>> > DS records from the registrant? I think I have heard that .de is one.
>>
>> CA (IIRC they require both the key and DS, probably to double check the
>> DS themselves), BE and EU are some example that comes immediately to
>> mind. There are others.
>>
>>
> Indeed, for .be we expect the registrar to send us the DNSKEY using
> a <secDNS:keyData> element (when using EPP)
> https://docs.dnsbelgium.be/be/epp/createdomain.html
>
> Maarten Bosteels
> DNS Belgium
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20200124/510f043a/attachment.html>


More information about the dns-operations mailing list