Dear renne,
thanks for joining deSEC, and welcome! We had a couple users asking for this feature, and are reluctant to implement it. There are two reasons for this:
- technical reasons: our infrastructure currently doesn’t provide the data structures that would be required to not sign zones on our side, but just import them. However, we’re working on having more liberty when it comes to signing zones, and to separate the tasks of deployment and signing better in our backend.
- political reasons: deSEC is devoted to spreading DNSSEC, not to providing free anycast. That’s why we didn’t consider offering the service that you are asking when we first started. However, monodhs had a couple good arguments as to why we should support it. However, no final decision has been made on our end yet. You’re welcome to join the discussion there, we are interested in your use-case!
Best,
Nils