On Fri, Jan 07, 2011 at 11:39:59AM +0100, bert hubert wrote:
> On Fri, Jan 07, 2011 at 11:24:12AM +0100, Leen Besselink wrote:
>
> > But there is one part I'm missing: a way to hook up an EPP-client for
> > sending the DS-record to the parent-zone.
>
> This could be added to pdnssec perhaps - is there an EPP spec somewhere?
> 'pdnssec push-zone-ds powerdnssec.org epp.sidn.nl' ?
>
> It would probably need authentication tokens too etc.
>

I would expect it to need authentication tokens too. :-)

Supposedly it is RFC 5910 which obsoletes RFC 4310.

It's an XML format sent over HTTP(S). I've seen a few EPP implementations
(not the DNSSEC-part) and they are not the same. But I don't see a reason
why commands related to DNSSEC should differ.

> > Are there too many TLDs that do not have the needed EPP-extensions at
> > this time? Or are there too many different
> > authentication schemes? Probably worse, I guess for some people they
> > have registrars in between. And some
> > currently have EPP, but probably not many have DNSSEC yet.
>
> As far as I know, almost nobody has a decent DS submission gateway
> standardized right now. But oddly enough, I know very little about registry
> operations, so I could very well be wrong.
>

I understand. Maybe it does not need to be part of PowerDNSSEC (at first?).

But I did wonder at what point in time (for example 5 days before key
rollover) will the new DS be inserted in the database and how do you
recognise it.

But after reading http://wiki.powerdns.com/trac/wiki/PDNSSEC/details again
it is pretty obvious PowerDNSSEC does not do a key rollover unless you ask
it to do so. Somehow I missed that part the first time.

Do you have any recommendations or pointers to recommendations about when
key rollover should be done?

A small recommendation for the documentation: it does not mention the
cryptographic/hashing algorithms that are used (or supported) by
PowerDNSSEC. I would expect the key rollover to depend on the algorithms
used.

> Bert
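
Added example, not part of the original message and not PowerDNS code: a sketch of what a DS push to the parent would have to produce, namely the DS fields derived from a DNSKEY (RFC 4034) wrapped in the RFC 5910 `secDNS:update` extension of an EPP domain update. The function names, the `example.com` zone, the placeholder key bytes and the client transaction ID are assumptions made for illustration; session login and transport are left out.

```python
import hashlib
import struct
import xml.etree.ElementTree as ET

NS = {"epp": "urn:ietf:params:xml:ns:epp-1.0",
      "domain": "urn:ietf:params:xml:ns:domain-1.0",
      "secDNS": "urn:ietf:params:xml:ns:secDNS-1.1"}  # secDNS-1.1 is RFC 5910
for prefix, uri in NS.items():
    ET.register_namespace(prefix, uri)

def q(prefix, tag):
    """Qualified tag name in ElementTree's {namespace}tag notation."""
    return "{%s}%s" % (NS[prefix], tag)

def dnskey_rdata(flags, protocol, algorithm, public_key):
    """DNSKEY RDATA as it appears on the wire (RFC 4034 section 2.1)."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (does not apply to algorithm 1)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def ds_sha256(owner, rdata):
    """DS digest type 2: SHA-256 over canonical owner name + DNSKEY RDATA."""
    labels = owner.rstrip(".").lower().split(".")
    wire = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return hashlib.sha256(wire + rdata).hexdigest().upper()

def secdns_add_ds(owner, rdata, cl_trid):
    """EPP <update> carrying a secDNS:add/dsData extension for `owner`."""
    epp = ET.Element(q("epp", "epp"))
    cmd = ET.SubElement(epp, q("epp", "command"))
    upd = ET.SubElement(ET.SubElement(cmd, q("epp", "update")), q("domain", "update"))
    ET.SubElement(upd, q("domain", "name")).text = owner.rstrip(".")
    ext = ET.SubElement(cmd, q("epp", "extension"))
    add = ET.SubElement(ET.SubElement(ext, q("secDNS", "update")), q("secDNS", "add"))
    ds = ET.SubElement(add, q("secDNS", "dsData"))
    for tag, value in (("keyTag", key_tag(rdata)), ("alg", rdata[3]),
                       ("digestType", 2), ("digest", ds_sha256(owner, rdata))):
        ET.SubElement(ds, q("secDNS", tag)).text = str(value)
    ET.SubElement(cmd, q("epp", "clTRID")).text = cl_trid
    return ET.tostring(epp, encoding="unicode")

# Constructed sample: 4 placeholder bytes stand in for a real public key.
SAMPLE_RDATA = dnskey_rdata(257, 3, 8, b"\x01\x02\x03\x04")

if __name__ == "__main__":
    print(secdns_add_ds("example.com.", SAMPLE_RDATA, "CONSTRUCTED-0001"))
```

The key tag and digest are what let the parent side and the zone operator recognise which DNSKEY a given DS refers to, which is the matching needed around a rollover.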