On 07/01/15 02:07, Jim Reid wrote:
BTW, it's particularly unwise to adopt DLV to kludge around TLD registries or registrars who can't/won't support DNSSEC properly. This was the OP's rationale for going down that path. IMO the OP should switch to another registrar and let the slacker registrar know why they've lost the OP's business.
I don't want to go offtopic but there seem to be still "many" registrars which do not support dnssec. I for example asked three different registrars in germany and got the same answer - they're working on it, due to the little demand they haven't implemented anything for that now. I am sure that I'll be able to find a registrar in germany with the same prices, a similar realtime API and dnssec support. Still I would not like to switch after 10+ years without any trouble, to another registrar - call me lazy if you want. Currently I am testing and "playing around" with dnssec, dane and such stuff to learn more about it - I am not in pressure to implement it neither do I need it cuz' its cool or something. When implementing DNSSEC in my own nameservers I noticed (due to forwarders I was using) that three different (one of them is quite big) datacenters in germany don't support dnssec - the public orsn nameserver does not, neither. 3 is not a representative number, might be that I picked the 3 that cannot while the other 97 can. Would be pretty interesting to see some country-statistic about dnssec usage. Actually the only public dns that supports dnssec I found at a first glance was google and I'd rather not use that (I am not using forwarders anymore anyway) :^)
