Re: [regext] Transfer of signed domain to registrar that does not support DNSSEC

2021-09-02 Thread Antoin Verschuren
Policy-wise, I would keep the DS intact in a transfer or NS change, so that all non-DNSSEC-capable registrars would soon disappear. ;-) Since a transfer does not change NS records nor DNSKEY records, it’s not the transfer that breaks the domain, but a subsequent NS change to a new dns-provider..

Re: [regext] Transfer of signed domain to registrar that does not support DNSSEC

2021-09-02 Thread Patrick Mevzek
On Thu, Sep 2, 2021, at 04:39, Martin Casanova wrote:
> Let's assume a signed domain is being transferred but the new registrar
> (still...) does not support DNSSEC and is therefore not able to delete
> or modify the DS/KeyData at the registry. In that case the domain can
> not be resolved any

Re: [regext] Transfer of signed domain to registrar that does not support DNSSEC

2021-09-02 Thread Iliya Bazlyankov
...@edoms.com | il...@tool-domains.com
Original message
From: Martin Casanova
Date: 2.09.21 12:39 (GMT+02:00)
To: regext@ietf.org
Subject: [regext] Transfer of signed domain to registrar that does not support DNSSEC
Hi Since we have programs in place to push

Re: [regext] Transfer of signed domain to registrar that does not support DNSSEC

2021-09-02 Thread Michael Bauland
Hi Martin, our registry system TANGO does not automatically remove DNSSEC records in its default setting. Even when changing name servers I find it a dangerous heuristic to remove the DNSSEC records. It might just be that the registrar changed some name servers while keeping DNSSEC active. If the

Re: [regext] Transfer of signed domain to registrar that does not support DNSSEC

2021-09-02 Thread Mario Loffredo
Hi Martin, at .it we don't prohibit the transfer of signed domains to registrars that don't provide support for DNSSEC. The DS records are removed when the nameservers change. Best, Mario
On 02/09/2021 11:39, Martin Casanova wrote:
Hi Since we have programs in place to push DNSSEC o

Re: [regext] Transfer of signed domain to registrar that does not support DNSSEC

2021-09-02 Thread Tobias Sattler
+1 As registrar you should be able to deal with EPP regardless if you offer the services. A support ticket to delete these records is nice-to-have.
> On 2. Sep 2021, at 12:00, Kristian Ørmen wrote:
>
> Hi Martin
>
> Other registries just require to handle DNSS

Re: [regext] Transfer of signed domain to registrar that does not support DNSSEC

2021-09-02 Thread Kristian Ørmen
Hi Martin Other registries just require to handle DNSSEC if we still want to be a registrar in that TLD. Usually I’m not a fan of more requirements for registrars but DNSSEC has been around for so long. They don’t need to offer DNSSEC on their own nameservers, they just need to be able to ad

[regext] Transfer of signed domain to registrar that does not support DNSSEC

2021-09-02 Thread Martin Casanova
Hi Since we have programs in place to push DNSSEC our number of signed domains is increasing rapidly. This brings up an old question that we were wondering about how other registries handle it. Let's assume a signed domain is being transferred but the new registrar (still...) does not support DNSS