There was a thread started by Dan York about a year and a half ago, in which he asked about registrars offering an API for updating a domain's DS records. That thread diverged into a discussion of better alternatives.
I've done some recent research on the original question, and there seem to be a few more registrars that offer APIs for this purpose: * gandi.net (http://doc.rpc.gandi.net/domain/index.html) * gkg.net (https://www.gkg.net/ws/ds.html) * dyn.com (https://help.dyn.com/create-ds-records-api/) * hexonet (https://wiki.hexonet.net/wiki/DNSSEC) * Akamai (https://developer.akamai.com/api/luna/config-dns/overview.html) I don't claim this is exhaustive, but at least it may save the next person some digging. No personal experience with any of these. If you have additions/corrections and/or experience, please chime in. In the other discussions were comments on IDs that became RFCs 7344 and 7477. 7344 defines a "pull" model for hoisting DS records from the child domain into the parent, secured by DNSSEC. BIND and Net::DNS have support for the CDS and CDNSKEY record types. I haven't heard of any registrar implementing this as yet. I also haven't heard of any further work on "triggering mechanisms" for 7344 (6.1.2). News on either front would be welcome. -- This communication may not represent my employer's views, if any, on the matters discussed.
