Thanks Daniel for your helpful answers. Yes, CDS is also something I always wanted to try, but as usual: no hard pressure, no time... ;-)
Benoît Panizzon wrote: > From their point of view, my 'algo 5' .ch domains have still DNSSEC active Basically the same behavior I had with my 'algo 7' domains (infomaniak). > but deleting DS or disabling DNSSEC hangs forever and upon reloading my old > algo 5 keys are back. I did not even try to delete/disable DNSSEC, I was just able to update the existing record (key/algo/hash). Then the update towards the registry was carried out immediately, seems the old values do not matter then. Cannot tell whether that works with Gandi though. Maybe option #3 besides the nerd and normal answers and worth a try? Gruass, Franco On 01.05.23 17:11, Benoît Panizzon via swinog wrote: > Hi Daniel > >> The nerd answer is that you can use Automated DNSSEC Provisioning [1] >> to enable DNSSEC. This also sends an EPP poll message to your >> registrar to update locally cached state information about a domain >> name. > > Yes, trying to understand, how I correctly get rid of my old RRSIG > entries without shooting myself in the foot, I came across this whole > new dnssec-policy and automatic publishing CDS records via Bind. > > Not sure if I have yet fully understood the mechanics. But I have > tentatively set it up now and I'll see, if this somehow, by the magic > of the internet, caused my DS entries to get refreshed. > _______________________________________________ swinog mailing list -- swinog@lists.swinog.ch To unsubscribe send an email to swinog-le...@lists.swinog.ch