Hi deSEC Team,
are there any plans to support DNS Slave Zone on your service with DNS Master on my own server?
Best Regards,
Patrick
Hi deSEC Team,
are there any plans to support DNS Slave Zone on your service with DNS Master on my own server?
Best Regards,
Patrick
Dear Patrick,
we would like to offer an API endpoint that accepts AXFR data, primarily to ease domain migration. This could be used to effectively have your own DNS Master server. It’s very unlikely that we will accept NOTIFY packets and poll for AXFR, as this comes with a vast complication of authentication of received data.
As deSEC’s main purpose is to spread the use of DNSSEC, we probably won’t offer our distribution network to zones that are already using DNSSEC. (Unless you can make a good case how this serves our purpose.)
Best,
Nils
If a domain owner doesn’t want to use third party DNSSEC keys it makes sense to run an own signing hidden primary nameserver. Individuals will have problems to find affordable anycast secondary nameservers for this purpose.
What’s the state of importing complete zones?
Will this work with NSEC3-protected zones if the domain owner has no access to the AXFR configuration of his current nameservers?
Dear renne,
thanks for joining deSEC, and welcome! We had a couple users asking for this feature, and are reluctant to implement it. There are two reasons for this:
Best,
Nils