Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.protocols.dns.bind > #15786

Re: automating DS Record submit to parent with 'new' kasp/dnssec-policy support in bind?

From PGNet Dev <pgnet.dev@gmail.com>
Newsgroups comp.protocols.dns.bind
Subject Re: automating DS Record submit to parent with 'new' kasp/dnssec-policy support in bind?
Date 2020-05-27 10:35 -0700
Message-ID <mailman.449.1590600912.942.bind-users@lists.isc.org> (permalink)
References <035aafab-7d58-12fa-7607-1f3634271fd3@gmail.com> <00A9E019-5C44-4FEE-8706-35AC8F4E7655@isc.org> <dec95a68-ded7-528c-656e-1d98070fac2c@gmail.com>

Show all headers | View raw

On 5/26/20 4:50 PM, Mark Andrews wrote:
> This is where we need to get the registrars to follow standards.  They are written
> so everyone doesn’t have to cobble together ad-hoc solutions.  Hourly scans of all
> the DNSSEC delegations by the registrars would do.
> 
> push solutions

sounds reasonable. at very least, better than nothing.

in the absence of a standards-based solution, any options for hooks in bind to external scripts, even if ad-hoc?

e.g., "if when change in DS Record in local bind, then fire this external script which will manage the DS submit/withdraw via API to registrar"

a completely de-coupled solution, independent of bind itself, is doable -- but again, ad-hoc, and seems a step backwards given the nice progress with dnssec-policy/kasp simplifications in recent versions.

if that's all there is, know of any existing, proven ad-hoc solutions?

Back to comp.protocols.dns.bind | Previous | Next | Find similar | Unroll thread

Thread

Re: automating DS Record submit to parent with 'new' kasp/dnssec-policy support in bind? PGNet Dev <pgnet.dev@gmail.com> - 2020-05-27 10:35 -0700

csiph-web