Hi Martin,

At .it we don't prohibit the transfer of signed domains to registrars that don't provide support for DNSSEC.

The DS records are removed when the nameservers change.

Best,

Mario

On 02/09/2021 11:39, Martin Casanova wrote:

Hi

Since we have programs in place to push DNSSEC, our number of signed domains is increasing rapidly.

This brings up an old question that we were wondering about how other registries handle it.

Let's assume a signed domain is being transferred but the new registrar (still...) does not support DNSSEC and is therefore not able to delete or modify the DS/KeyData at the registry. In that case the domain cannot be resolved anymore by validating resolvers until the DS/KeyData is deleted at the registry somehow.

What is your policy/solution for this case? Here I outlined some possibilities:

- Keeping track (based on login <svcExtension> at login?) which registrars do DNSSEC and prohibit transfers of signed domains in case secDNS-1.1 is missing? This unnecessarily limits transfers of signed domains to DNSSEC-unable registrars if the domain was signed via CDS where the domain was signed by the name-server owner. (no registrar involved)

- Deleting the DS/KeyData when the nameservers change? (This would raise further questions..)
- Support ticket of registrar and manual deletion by the registry?
- ...

Your feedback is appreciated. Thanks!


Martin

--
SWITCH
Martin Casanova, Domain Applications
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 55, direct +41 44 268 16 25
martin.casan...@switch.ch, www.switch.ch

_______________________________________________
regext mailing list
regext@ietf.org
https://www.ietf.org/mailman/listinfo/regext

--
Dr. Mario Loffredo
Technological Unit “Digital Innovation”
Institute of Informatics and Telematics (IIT)
National Research Council (CNR)
via G. Moruzzi 1, I-56124 PISA, Italy
Phone: +39.0503153497
Web: http://www.iit.cnr.it/mario.loffredo
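
The two options discussed in this thread, sketched as an added example that is not part of either message and is not code from any registry: reading the `<svcExtension>` of a gaining registrar's EPP `<login>` to see whether secDNS-1.1 was declared, and dropping DS data when the nameserver set changes. The function names, the policy flag and the sample logins are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

EPP_NS = "urn:ietf:params:xml:ns:epp-1.0"
SECDNS_URI = "urn:ietf:params:xml:ns:secDNS-1.1"

# Constructed sample: gaining registrar's <login> without the DNSSEC extension.
LOGIN_NO_DNSSEC = """<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"><command><login>
  <clID>registrar-b</clID><pw>constructed-pw</pw>
  <options><version>1.0</version><lang>en</lang></options>
  <svcs>
    <objURI>urn:ietf:params:xml:ns:domain-1.0</objURI>
    <svcExtension><extURI>urn:ietf:params:xml:ns:rgp-1.0</extURI></svcExtension>
  </svcs>
</login><clTRID>ABC-1</clTRID></command></epp>"""
# Constructed sample: same login, now also declaring secDNS-1.1.
LOGIN_WITH_DNSSEC = LOGIN_NO_DNSSEC.replace(
    "</svcExtension>", f"<extURI>{SECDNS_URI}</extURI></svcExtension>")


def login_ext_uris(login_xml):
    """Return the set of <extURI> values declared in an EPP <login>."""
    root = ET.fromstring(login_xml)
    return {e.text.strip() for e in root.iter(f"{{{EPP_NS}}}extURI") if e.text}


def transfer_allowed(domain_has_ds, gaining_login_xml, block_without_secdns):
    """First option in the question: refuse a signed domain's transfer to a
    registrar whose login did not declare secDNS-1.1. With the flag off
    (the .it policy in the reply) the transfer is never refused for this."""
    if not domain_has_ds or not block_without_secdns:
        return True
    return SECDNS_URI in login_ext_uris(gaining_login_xml)


def ds_after_ns_update(ds_records, old_ns, new_ns):
    """Second option / .it policy: drop all DS data when the delegation's
    nameserver set changes; keep it when the set is unchanged."""
    norm = lambda hosts: {h.rstrip(".").lower() for h in hosts}
    return list(ds_records) if norm(old_ns) == norm(new_ns) else []


if __name__ == "__main__":
    ds = ["12345 13 2 <constructed-digest>"]  # constructed placeholder DS
    print(transfer_allowed(True, LOGIN_NO_DNSSEC, block_without_secdns=True))
    print(ds_after_ns_update(ds, ["ns1.old.example"], ["ns1.new.example"]))
```

Under the blocking policy the check also refuses domains that were signed via CDS without registrar involvement, which is the drawback the question points out.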
