Repository files navigation Support for CDS/CDNSKEY/CSYNC updates Support in domain registries
Registry
CDS
CDNSKEY
Delete
Bootstrap from insecure
Bootstrap via _dsboot
CSYNC
Notes
.ch Yes
No
Yes
72 hours TCP-only
Yes
No
guidelines
.cr
No
Yes
Yes
7 days TCP-only
No
No documentation found; FRED is used
.cz No
Yes
Yes
7 days TCP-only
No
FRED is used
.fo Yes
No
Yes
72 hours
No
guidelines
.li Yes
No
Yes
72 hours TCP-only
Yes
No
guidelines
.nu Yes
No
Yes
72 hours TCP-only
Yes
Policy and Guidelines
.se Yes
No
Yes
72 hours TCP-only
Yes
Policy and Guidelines
.sk Yes
No
Yes
72 hours
No
No clear information about using TCP for bootstrapping
.alt.za, .edu.za
Yes
No
Yes
72 hours
No
No
RIPE NCC Yes
No
Yes
No
No
Support in domain registrars
Registrar
CDS
CDNSKEY
Delete
Bootstrap from insecure
Bootstrap via _dsboot
CSYNC
Notes
Glauca Yes
Yes
Yes
All name servers must respond the same, TCP-only
Yes
?
Docs
Domainnameshop Yes
Yes
Yes
All name servers must respond the same, TCP-only
Possible future
No
part of BIND 9 can use both CDS and CDNSKEY
can produce DSset file or script for nsupdate
no support for bootstrapping from insecure
no support for DNSSEC delete
part of FRED
only CDNSKEY records
supports bootstrapping from insecure
almost zero documentation :(
rcdss (RIPE NCC CDS Scanner)
written in Python using dnspython
reads RIPE Database objects
produces RPSL-like diff objects
multithreaded scanning
no support for bootstrapping from insecure
publishes both CDS and CDNSKEY records
automated KSK rollover based on feedback from the parent
controlled by cds-cdnskey-publish
can also submit DS change directly using DDNS
publishes both CDS and CDNSKEY records
requires rndc dnssec -checkds published to advance the KSK rollover
publishes both CDS and CDNSKEY records
controlled by pdnsutil set-publish-cds
requires manual KSK rollover
synthesis of _dsboot record via LUA records: Setup LUA records ; LUA module ; pdns config
About
Info about CDS update support
Resources
License
Stars
Watchers
Forks
You can’t perform that action at this time.