Re: hooks in bind's DNSSEC automation to trigger external scripting of DS RECORDS updates, when CDS/CDNSKEY polling is (still) not available?

Tue, 15 Jun 2021 07:51:18 -0700 


On 15-06-2021 16:32, PGNet Dev wrote:

On 6/10/21 8:38 AM, Tony Finch wrote:

PGNet Dev <pgnet....@gmail.com> wrote:


Has anyone here on-list figured out how to hook bind's internal signing
process to *trigger* and external script to exec those API pushes?


I have not, and I also want to be able to do this, and I also want
scripting hooks for whenever any keys change so that I can stash them
somewhere safer.




Tony.


fyi, @


  automation of DS Record submit to registrar/parent, integrated with 
'new' kasp/dnssec-policy support in bind

   https://gitlab.isc.org/isc-projects/bind9/-/issues/1890


the current feedback is " ... we think the best way is that the user 
scripts this by them self ... "



A brief summary. Folks that are interested in the reasons why can read 
up and discuss here:


  https://gitlab.isc.org/isc-projects/bind9/-/issues/1890#note_220217



and follows with " ... it is more likely that the CDS/CDNSKEY polling 
will be more common than pushing DS updates. A couple of TLDs have 
implemented this already and it looks like there is some movement on 
this topic in the Registrar world."


Of course inaction by TLDs & Registrars has been years-long ...



You may be interested in the multi-signer project, that is now actively 
pushing for this:


  https://github.com/DNSSEC-Provisioning/Multi-signer/

Cheers,

Matthijs




_______________________________________________

Please visit https://lists.isc.org/mailman/listinfo/bind-users to 
unsubscribe from this list



ISC funds the development of this software with paid support 
subscriptions. Contact us at https://www.isc.org/contact/ for more 
information.



bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users






















					Reply via email to