Hi Michael,
On 4/13/25 22:17, Michael Grimm via knot-dns-users wrote:
> Oh, that list includes RIPE NCC [1]. Does that mean:
> it is possible to bootstrap DNSSEC for my ip6.arpa zone?
[...]
The way I read their docs is that they only use RFC 7344, which means you can use
CDS/CDNSKEY records in your zone to *update* your pre-existing DS records.
For configuring DS records for the first time ("bootstrap"), they would need to
support RFC 8078 and/or RFC 9615, but apparently they don't do that (yet?).
All of this of course only applies if your zone is delegated directly from a parent zone
run by RIPE. If it's delegated from an intermediate zone run by someone else,
you'll have to ask that operator.
Cheers,
Peter
--
https://desec.io/