[Dnssec-deployment] Domain registrars with easy DNSSEC interface?

Bill Owens owens at nysernet.org
Wed Jan 18 08:41:44 EST 2012

On Tue, Jan 17, 2012 at 10:54:23AM -0500, Dave Lawrence wrote:
> As would be an official recognition of the role of DNS hosting
> provider, so that a trust relationship can be established between them
> and the registrar.

I tried out a few ideas on paper last night and could work out a way for the initial DS records to be communicated between the hosting provider and the registrar using only the DNS itself and some cut-and-paste in the providers' websites, but that isn't really an improvement over just cutting and pasting the DS record. And I can't see any way for the DS to be updated in the future without the domain owner becoming involved again. 

Unfortunately I don't think that hosting providers would have any economic incentive to support a mechanism that would make it simpler for their customers to separate the roles, since they'd rather collect both the registration and hosting fees. And of course most of the registrars are, in fact, hosting providers, so they're in the same boat. . .


More information about the Dnssec-deployment mailing list