Re: [regext] I-D Action: draft-ietf-regext-rfc7484bis-04.txt

Hello, This is an updated version that fixes the comments received during WGLC: - As suggested by Scott Hollenbeck, please update the Section 2 boilerplate with the updated BCP14 reference. - Please update the references to RFC7482 and RFC7483 to RFC9082 and RFC9083, respectively. So to me, th

[regext] I-D Action: draft-ietf-regext-rfc7484bis-04.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories. This draft is a work item of the Registration Protocols Extensions WG of the IETF. Title : Finding the Authoritative Registration Data (RDAP) Service Author : Marc Blanchet

Re: [regext] Transfer of signed domain to registrar that does not support DNSSEC

Policy wise, I would keep the DS intact in a transfer or NS change, so that all non-DNSSEC-capable registrars would soon disappear. ;-) Since a transfer does not change NS records nor DNSKEY records, it’s not the transfer that breaks the domain, but a subsequent NS change to a new dns-provider..

Re: [regext] Transfer of signed domain to registrar that does not support DNSSEC

On Thu, Sep 2, 2021, at 04:39, Martin Casanova wrote: > Lets assume a singed domain is being transferred but the new registrar > (still...) does not support DNSSEC and is therefore not able to delete > or modify the DS/KeyData at the registry. In that case the domain can > not be resolved any

Re: [regext] Transfer of signed domain to registrar that does not support DNSSEC

Hi Martin,In case of transfer to a registrar that does not support DNSSEC, our REGISTRIO platform does remove DNSSEC records from the domain. In case of just changed nameservers, we keep the records.Kind regards,Iliya Bazlyankov | Domain ExpertEDOMS+35981690 Bulgaria+380636908345 ukraineil..

Re: [regext] Transfer of signed domain to registrar that does not support DNSSEC

Hi Martin, our registry system TANGO does not automatically remove DNSSEC records in its default setting. Even when changing name servers I find it a dangerous heuristic to remove the DNSSEC records. It might just be that the registrar changed some name servers while keeping DNSSEC active. If the

Re: [regext] Transfer of signed domain to registrar that does not support DNSSEC

Hi Martin, at .it we don't prohibit the transfer of signed domains to registrars that dont' provide support for DNSSEC. The DS records are removed when the nameservers change. Best, Mario Il 02/09/2021 11:39, Martin Casanova ha scritto: Hi Since we have programs in place to push DNSSEC o

Re: [regext] Transfer of signed domain to registrar that does not support DNSSEC

+1 As registrar you should be able to deal with EPP regardless if you offer the services. A support ticket to delete this records is nice-to-have. > On 2. Sep 2021, at 12:00, Kristian Ørmen > wrote: > > Hi Martin > > Other registries just requires to handle DNSS

Re: [regext] Transfer of signed domain to registrar that does not support DNSSEC

Hi Martin Other registries just requires to handle DNSSEC if we still wants to be a registrar in that TLD. Usually I’m not a fan of more requirements for registrars but DNSSEC has been around for so long. They don’t need to offer DNSSEC on their own nameservers, they just need to be able to ad

[regext] Transfer of signed domain to registrar that does not support DNSSEC

Hi Since we have programs in place to push DNSSEC our number of signed domains is increasing rapidly. This brings up a old question that we were wondering about how other registries handle it. Lets assume a singed domain is being transferred but the new registrar (still...) does not support DNSS