Hi, you're right, I want a script that looks which DS records are published at the TLD level and then tells OpenDNSSEC that they are present.

I'd try the following:

- Fetch all zones from OpenDNSSEC configuration (later perhaps only the zones that are needed, when the installation gets bigger)
- Detect all(?) nameservers of the TLD for the zone
- Ask every TLD nameserver for DS records of the zone
- When one DS is present on every nameserver: push these to OpenDNSSEC (should be no problem to push all into, OpenDNSSEC seems to know when it has to do something, or not)

I don't know if this could work. Perhaps I just need some kind of spooling, when OpenDNSSEC sends me DNSKEYs, that I wait then x hours before proceeding with the checks above.

What do you think?

Greetings
Volker

On Fri, 24 Jun 2011 14:07:42 +0200, Casper Gielen <[email protected]> wrote:
> On 24-06-11 14:02, Craig Whitmore wrote:
>>
>>
>> On 24/06/11 11:10 PM, "Volker Janzen" <[email protected]> wrote:
>>
>>> Hi,
>>>
>>> that's what I want to do: pass DNSKEYs to my registrar.
>>>
>>> But I also need to write a cron that can check the DS records at the
>>> TLD zone and pass them to OpenDNSSEC. Or can OpenDNSSEC detect the DS
>>> records on its own?
>>>
>>>
>>> Greetings
>>> Volker
>>>
>>
>> You send (depending on your country/upstream) YOUR domain's DS(s) or
>> DNSKEY(s). (not the other way)
>
> You'll have to wait for upstream to publish the DS before you can start
> using the DNSKEYS. I think that Volker wants a script that signals
> opendnssec when this has happened. I've also considered writing such a
> script but I haven't gotten around to it yet.

_______________________________________________
Opendnssec-user mailing list
[email protected]
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
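
The "DS present on every nameserver" check from the message above, as an added example (not code from the thread or from the OpenDNSSEC project). It goes one step further than the outline: a DS only counts if it matches the digest computed from your own KSK, and a lagging parent server vetoes the signal. Assumptions: the DS lines per nameserver were collected beforehand (for instance with `dig +short DS <zone> @<nameserver>`), the key material and nameserver names are constructed, and the notification is OpenDNSSEC 1.x's `ods-ksmutil key ds-seen`, which is built here but not executed.

```python
import base64, hashlib, struct

def name_to_wire(name):
    """Owner name in canonical (lower-case) DNS wire format."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, alg, pubkey_b64, protocol=3):
    """DNSKEY RDATA: flags, protocol, algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, alg) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """Key tag as defined in RFC 4034, Appendix B."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def expected_ds(zone, rdata):
    """The SHA-256 (digest type 2) DS the parent should publish for this DNSKEY."""
    digest = hashlib.sha256(name_to_wire(zone) + rdata).hexdigest()
    return (key_tag(rdata), rdata[3], 2, digest)

def parse_ds(line):
    """Parse 'keytag alg digesttype digest', the DS text form (digest may be split)."""
    tag, alg, dtype, *digest = line.split()
    return (int(tag), int(alg), int(dtype), "".join(digest).lower())

def ds_seen_everywhere(zone, ksk_rdatas, answers):
    """Key tags of our KSKs whose exact DS is served by every parent nameserver.
    answers maps nameserver -> list of DS lines; an empty or lagging server vetoes."""
    if not answers:
        return []
    common = set.intersection(*({parse_ds(l) for l in ls} for ls in answers.values()))
    return sorted(d[0] for d in (expected_ds(zone, r) for r in ksk_rdatas) if d in common)

def ds_seen_command(zone, tag):
    """Assumed OpenDNSSEC 1.x call; built here, not executed."""
    return ["ods-ksmutil", "key", "ds-seen", "--zone", zone, "--keytag", str(tag)]

if __name__ == "__main__":
    # Constructed sample: toy key material and made-up nameserver names.
    zone = "example.org"
    ksk = dnskey_rdata(257, 8, "AQIDBA==")
    tag, alg, dtype, digest = expected_ds(zone, ksk)
    good = f"{tag} {alg} {dtype} {digest[:56].upper()} {digest[56:].upper()}"
    answers = {"ns1.tld.example": [good], "ns2.tld.example": []}  # ns2 lags behind
    print(ds_seen_everywhere(zone, [ksk], answers))
    answers["ns2.tld.example"] = [good]
    for t in ds_seen_everywhere(zone, [ksk], answers):
        print(" ".join(ds_seen_command(zone, t)))
```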
