Evan Hunt <e...@isc.org> wrote: > > KSK rollovers are still trickier since they require interaction with > your parent zone. I hope to get support for CDS/CDNSKEY signaling into > dnssec-keymgr, but whether that ultimately will be useful or not depends > on whether domain registrars make use of it.
Even if your parent doesn't have RFC 7344 support, they probably have some API you can use (or if you are really stuck you can script their website with a headless browser). The interlocks and checking that dhssec-keymgr needs for RFC 7344 will also be useful for supporting generic delegation update API hooks. This is one of my longstanging background projects (very slow incremental progress) both as a parent (e.g. dnssec-cds) and as a child (why I learned about headless browsers, ugh). Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ - I xn--zr8h punycode Fair Isle: Variable 4 at first in east, otherwise southeast 5 to 7, perhaps gale 8 later. Moderate or rough. Fair. Good. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list firstname.lastname@example.org https://lists.isc.org/mailman/listinfo/bind-users