Hi Luveh,
The draft you cited is quite old, but of course still accurate.
We are a group of people working on a technique called multi-signer which solves the
problem.
For this we have been able to get support into PowerDNS and Bind and are actively working
with the Knot Team for support.
Please find details at
https://github.com/DNSSEC-Provisioning
There is a software implementation (although only very rudimentary), a draft and a project
description with a collection of needed capabilities.
Kind regards
/Ulrich
On 27 Oct 2021, at 17:28, Luveh Keraph
<1.41421(a)gmail.com> wrote:
There is an Internet draft
(https://datatracker.ietf.org/doc/html/draft-koch-dnsop-dnssec-operator-change-06)
that describes a mechanism to facilitate the operation consisting of changing the DNS
delegation for a signed DNS zone. Since this is a draft, I do not expect Knot to
provide support for it already (in fact, I know it does not, for it involves signing a
DNSKEY RR, which Knot does not do) but I wonder whether this is something that is in
Knot's roadmap?
--
https://lists.nic.cz/mailman/listinfo/knot-dns-users