Hi all, > On 20 Jul 2016, at 22:43, Sebastian Castro <[email protected]> wrote: > > On 21/07/16 1:02 AM, Emil Natan wrote: >> Hello, > > Hi Emil, > >> >> Was automated DS management ever considered in the scenario when both >> child and parent are managed on the same system? What I mean is DS for >> the child domain to be automatically published and signed in the parent >> and replaced when KSK rollover is performed for the child domain. > > That's not part of the OpenDNSSEC features, but it can be done. We have > 10+ children zone and their corresponding parent signed with DNSSEC > using ODS and with some scripting magic we managed to securely transfer > the DS records for the children into the parent, making the KSK > rollovers automatic.
Thank you Sebastian and Emil to bring this item up. Automated DS management such as described in RFC 7344 is on our roadmap of OpenDNSSEC 2.x (probably 2.2 or 2.3). Input like yours on operational scenarios are most welcome. This helps us defining next releases and priorities for the OpenDNSSEC roadmap. Best regards, — Benno -- Benno J. Overeinder NLnet Labs http://www.nlnetlabs.nl/ _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
