parental CDS/CDNSKEY

Tony Finch dot at dotat.at
Wed Jul 26 11:18:38 UTC 2017


Is anyone working on a parent-side implementation of CDS/CDNSKEY?

The special validation requirements in RFC 7344 can't be done in the style
of the Python scripts (dnssec-checkds, shelling out to `dig`) so it needs
doing as a C DNSSEC tool.

For my scale, it would be enough to have a program that does a CDNSKEY
check for one domain, tho I expect a registr{ar,y} would need something
that can do the child DNSKEY+CDNSKEY+CDS lookups concurrently in bulk.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Thames, Dover, Wight: South 5 or 6, veering southwest 6 or 7. Slight or
moderate, becoming moderate or rough. Rain, fair later. Moderate or poor,
becoming good later.


More information about the bind-workers mailing list