At the end of his talk at the RIPE meeting this morning, Ondřej Caletka
mentioned his work on automated updates to DNSSEC delegations using CDS
records:
https://ripe77.ripe.net/programme/meeting-plan/dns-wg/
I commented at the mic to say that this is something I am very keen on. I
wrote `dnssec-cds` (an implementation of RFC7344 and section 4 of RFC8078)
to help improve DNSSEC automation, and it is included in BIND 9.12 and
later.
https://ftp.isc.org/isc/bind9/9.12.0/doc/arm/man.dnssec-cds.html
Ondřej's setup uses a special `mntner` with RIPE database API access to
indicate which zones should have their DS records updated automatically.
This is a nice way to control permissions when the update process is
running outside the RIPE database, but I expect it can be made neater if
it is integrated more closely.
I would like to help get RFC 7344 support into the RIPE database, so what
do we need to do next to make it happen?
Tony.
--
f.anthony.n.finch <dot(a)dotat.at> http://dotat.at/
Hebrides, Bailey: Westerly backing southerly later, 5 to 7, occasionally
gale 8 at first in north Bailey. Rough or very rough, occasionally high at
first in north Bailey. Showers, rain later. Good, occasionally moderate.
Hello DNS working group,
After a successful and packed half-day DNS devroom at FOSDEM 2018, we
are happy to announce a full-day DNS devroom at FOSDEM 2019.
As with last year, we hope to host talks anywhere from hardcore protocol
stuff, to practical sessions for programmers that are not directly
involved with DNS but may have to deal with DNS in their day to day
coding or system administrators responsible for DNS infrastructure.
We have been allotted a room on Sunday 3 February 2019. We expect to
schedule 30 minutes per talk, including questions, but if you need more
or less time, we can discuss this.
If you have something you’d like to share with your fellow developers,
please head to pentabarf at
https://penta.fosdem.org/submission/FOSDEM19. Examples of topics are
measuring, monitoring, DNS libraries, and anecdotes on how you’ve
(ab)used the DNS. Here’s the 2018 schedule, for your inspiration:
https://archive.fosdem.org/2018/schedule/track/dns/ .
The deadline for submission is December 1st. If you have a FOSDEM
pentabarf account from a previous year, please use that account. Reach
out to dns-devroom-manager(a)fosdem.org if you run into any trouble.
See you there!
Cheers,
Peter van Dijk, Shane Kerr, Pieter Lexis, and Kees Monshouwer
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
Dear colleagues,
Please read on RIPE Labs how Geoff Huston and the APNIC Labs measured
the readiness of the Internet for the KSK roll:
https://labs.ripe.net/Members/gih/measuring-the-ksk-roll
Kind regards,
Mirjam Kühne
RIPE NCC
