[Opendnssec-user] automated DS management when child and parent on the same system

Benno Overeinder benno at NLnetLabs.nl
Sat Jul 30 12:37:18 UTC 2016


Hi all,

> On 20 Jul 2016, at 22:43, Sebastian Castro <sebastian at nzrs.net.nz> wrote:
> 
> On 21/07/16 1:02 AM, Emil Natan wrote:
>> Hello,
> 
> Hi Emil,
> 
>> 
>> Was automated DS management ever considered in the scenario when both
>> child and parent are managed on the same system? What I mean is DS for
>> the child domain to be automatically published and signed in the parent
>> and replaced when KSK rollover is performed for the child domain.
> 
> That's not part of the OpenDNSSEC features, but it can be done. We have
> 10+ child zones and their corresponding parent signed with DNSSEC
> using ODS and with some scripting magic we managed to securely transfer
> the DS records for the children into the parent, making the KSK
> rollovers automatic.

Thank you, Sebastian and Emil, for bringing this item up.

Automated DS management such as described in RFC 7344 is on our roadmap of OpenDNSSEC 2.x (probably 2.2 or 2.3).

Input like yours on operational scenarios is most welcome. This helps us define the next releases and priorities for the OpenDNSSEC roadmap.

Best regards,

— Benno

-- 
Benno J. Overeinder
NLnet Labs
http://www.nlnetlabs.nl/



