Hello Bas, > Does anyone have script to check if the DS records are published at > the TLD , and if so do a ds-seen . > I want to automate the ds-seen process > Yes, we do:
https://dnssec.surfnet.nl/?p=808 Although the link to the parent (for uploading DNSKEY and/or DS RRs) is not included (it is specific to your parent's EPP deployment after all) the difficult bits are all covered in this code: querying the right NS's, taking care of TTL expiration times in caches and so on. This code has run for a few years at SURFnet for hundreds of domains, and shown to be very, very robust. We've had various problems with our infrastructure, but never with this code. We've had it complain on NS downtime, and found it was an unmonitored defect in our parent zone's IPv4/IPv6 mixed presence. But I should also add to that that removal of zones is not yet automated at SURFnet. Ciao, -Rick _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
