Hi Martin Other registries just requires to handle DNSSEC if we still wants to be a registrar in that TLD.
Usually I’m not a fan of more requirements for registrars but DNSSEC has been around for so long. They don’t need to offer DNSSEC on their own nameservers, they just need to be able to add and delete DS records at the registry own the request of the registrant. Kind regards Kristian Ørmen > On 2 Sep 2021, at 10.39, Martin Casanova <martin.casan...@switch.ch> wrote: > > Hi > > Since we have programs in place to push DNSSEC our number of signed domains > is increasing rapidly. > > This brings up a old question that we were wondering about how other > registries handle it. > > Lets assume a singed domain is being transferred but the new registrar > (still...) does not support DNSSEC and is therefore not able to delete or > modify the DS/KeyData at the registry. In that case the domain can not be > resolved anymore by validating resolvers until the DS/KeyData is deleted at > the registry somehow. > > What is your policy/solution for this case? Here I outlined some > possibilities: > > - Keeping track (based on login <svcExtension> at login?) which registrars do > DNSSEC and prohibit transfers of singed domains in case secDNS-1.1 is missing? > This unnecessarily limits transfers of singed domains to DNSSSEC unable > registrars if the domain was signed via CDS where the domain was singed by > the name-server owner. (no registrar involved) > > - Deleting the DS/KeyData when the nameservers changes? (This would raise > further questions..) > - Support ticket of registrar and manual deletion by the registry ? > - ... > > Your feedback is appreciated. Thanks! > > > > Martin > > -- > SWITCH > Martin Casanova, Domain Applications > Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland > phone +41 44 268 15 55, direct +41 44 268 16 25 > martin.casan...@switch.ch <mailto:martin.casan...@switch.ch>, www.switch.ch > <http://www.switch.ch/>_______________________________________________ > regext mailing list > regext@ietf.org > https://www.ietf.org/mailman/listinfo/regext
_______________________________________________ regext mailing list regext@ietf.org https://www.ietf.org/mailman/listinfo/regext
