Re: DANE and DLV

From: Jean Bruenn (jean.bruennip-minds.de)
Date: Wed Jan 07 2015 - 12:54:03 CST

On 07/01/15 02:07, Jim Reid wrote:
> BTW, it's particularly unwise to adopt DLV to kludge around TLD
> registries or registrars who can't/won't support DNSSEC properly. This
> was the OP's rationale for going down that path. IMO the OP should
> switch to another registrar and let the slacker registrar know why
> they've lost the OP's business.

I don't want to go off-topic, but there still seem to be "many"
registrars which do not support DNSSEC. I, for example, asked
three different registrars in Germany and got the same
answer - they're working on it; due to the little demand
they haven't implemented anything for that yet. I am
sure that I'll be able to find a registrar in Germany with the
same prices, a similar realtime API and DNSSEC support.
Still, I would not like to switch to another registrar after
10+ years without any trouble - call me lazy if you want.

Currently I am testing and "playing around" with DNSSEC,
DANE and such stuff to learn more about it - I am not under pressure
to implement it, nor do I need it 'cause it's cool or something.
When implementing DNSSEC in my own nameservers I
noticed (due to forwarders I was using) that three different
datacenters in Germany (one of them is quite big) don't
support DNSSEC - the public ORSN nameserver does not
either. 3 is not a representative number; it might be that
I picked the 3 that cannot while the other 97 can.

It would be pretty interesting to see some country statistics
about DNSSEC usage. Actually, the only public DNS that
supports DNSSEC that I found at first glance was Google, and
I'd rather not use that (I am not using forwarders anymore
anyway) :^)