That's why we're working on DNSSEC automation, to let the DNS Operator sign the zone and automate the provisioning of DS record into the registry without registrant or registrar intervention. Multiple methods and approach being work on. API for DNS Operator: https://tools.ietf.org/html/draft-ietf-regext-dnsoperator-to-rrr-protocol-04 Registry full zone polling: https://en.blog.nic.cz/2017/06/21/lets-make-dns-great-again/ Jacques -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Rubens Kuhl Sent: December 1, 2017 2:36 PM To: Christopher Morrow <morrowc.lists@gmail.com> Cc: nanog@nanog.org Subject: Re: ccTLDs - Become a Registrar http://rick.eng.br/dnssecstat/ is more on topic of we what discussing, although the monitor is interesting too. Rubens On Fri, Dec 1, 2017 at 5:35 PM, Rubens Kuhl <rubensk@gmail.com> wrote:
On Fri, Dec 1, 2017 at 5:20 PM, Christopher Morrow < morrowc.lists@gmail.com> wrote:
On Fri, Dec 1, 2017 at 1:45 PM, Rubens Kuhl <rubensk@gmail.com> wrote:
.br also has such requirements. OpenSRS reference chart has a good hint of which ccTLDs have such requirements: http://bit.ly/OpenSRS_TLD_Reference_Chart
wow, 256 of 539 report "no" for DNSSEC.
For DNSSEC this one is more reliable: http://rick.eng.br/mon/
Rubens