On Feb 20, 2013, at 1:14 AM, Chuck Peters <c...@axs.org> wrote: > Robert Moskowitz said: >> Delving further into my challenges. >> >> But they don't seem to support DNSSEC protected domains, and even >> IPv6 glue records are special requests, it seems. > > I would like to know how can I handle DNSSEC key rollovers without > manually entering keys into one of those annoying web interfaces. What > methods do various registrars support? Is it possible to submit the KSK > directly to the root authority? Does some standard RFC cover how > registrars are supposed to support key rollovers?
Shameless plug: http://tools.ietf.org/html/draft-kumari-ogud-dnsop-cds-00 This draft describes a method to allow easy rollover -- basically you sign the new DS record with you currently enrolled key and publish it in your zone. Your registrar (or registry / parent, depending on where your zone is) scrapes it periodically and publishes it for you. This draft is new, but based upon earlier work -- draft-barwood-dnsop-ds-publish-02 If you think that this is helpful, let someone know…. W > > > Thanks, > Chuck > > > > > > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > -- Some people are like Slinkies......Not really good for anything but they still bring a smile to your face when you push them down the stairs. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
