automating DS Record submit to parent with 'new' kasp/dnssec-policy support in bind?
pgnet.dev at gmail.com
Wed May 27 17:35:25 UTC 2020
On 5/26/20 4:50 PM, Mark Andrews wrote:
> This is where we need to get the registrars to follow standards. They are written
> so everyone doesn’t have to cobble together ad-hoc solutions. Hourly scans of all
> the DNSSEC delegations by the registrars would do.
> push solutions
sounds reasonable. at very least, better than nothing.
in the absence of a standards-based solution, any options for hooks in bind to external scripts, even if ad-hoc?
e.g., "if when change in DS Record in local bind, then fire this external script which will manage the DS submit/withdraw via API to registrar"
a completely de-coupled solution, independent of bind itself, is doable -- but again, ad-hoc, and seems a step backwards given the nice progress with dnssec-policy/kasp simplifications in recent versions.
if that's all there is, know of any existing, proven ad-hoc solutions?
More information about the bind-users