Evan Hunt <e...@isc.org> wrote:
> KSK rollovers are still trickier since they require interaction with
> your parent zone. I hope to get support for CDS/CDNSKEY signaling into
> dnssec-keymgr, but whether that ultimately will be useful or not depends
> on whether domain registrars make use of it.

Even if your parent doesn't have RFC 7344 support, they probably have some
API you can use (or if you are really stuck you can script their website
with a headless browser). The interlocks and checking that dhssec-keymgr
needs for RFC 7344 will also be useful for supporting generic delegation
update API hooks.

This is one of my longstanging background projects (very slow incremental
progress) both as a parent (e.g. dnssec-cds) and as a child (why I learned
about headless browsers, ugh).

f.anthony.n.finch  <d...@dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Fair Isle: Variable 4 at first in east, otherwise southeast 5 to 7, perhaps
gale 8 later. Moderate or rough. Fair. Good.
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list

Reply via email to