automating DS Record submit to parent with 'new' kasp/dnssec-policy support in bind?

PGNet Dev at
Wed May 27 17:35:25 UTC 2020

On 5/26/20 4:50 PM, Mark Andrews wrote:
> This is where we need to get the registrars to follow standards.  They are written
> so everyone doesn’t have to cobble together ad-hoc solutions.  Hourly scans of all
> the DNSSEC delegations by the registrars would do.
> push solutions

sounds reasonable. at very least, better than nothing.

in the absence of a standards-based solution, any options for hooks in bind to external scripts, even if ad-hoc?

e.g., "if when change in DS Record in local bind, then fire this external script which will manage the DS submit/withdraw via API to registrar"

a completely de-coupled solution, independent of bind itself, is doable -- but again, ad-hoc, and seems a step backwards given the nice progress with dnssec-policy/kasp simplifications in recent versions.

if that's all there is, know of any existing, proven ad-hoc solutions?

More information about the bind-users mailing list