1

The real title: How to use DS records without registrar help

I'm trying to stay loyal to my registrar, I have over 100 domains with them. Their "Advanced DNS" is pretty lacking(just A, TXT, CNAME and MX records), so unless I'm just setting up a quick website for a client, I use my own name servers.

I'm trying to implement DNSSEC, but my registrar is useless. They keep telling me since I'm not using their DNS, that I have to do it on the DNS host (which I am). All of my research says the DS has to be sent to the root via the registrar so it can be signed. Is there a way for me to do this without the registrar? Or am I barking up the wrong packet? :)

ceejayoz
  • 32,910
  • 7
  • 82
  • 106
TimJ
  • 11
  • 2
  • Complaints about the title limits can go on http://meta.serverfault.com/. They're not appropriate in your question here. – ceejayoz Sep 03 '15 at 18:41

1 Answers1

2

The short answer is "no, the registrar is the only entity which can write a DS record to the parent zone". If you want to do your own DNSSEC implementation and not pay for the one which the registrar provides, you'll need to migrate your domain(s) to a registrar which supports DNSSEC for that TLD. I'm currently in the process of migrating hundreds of domains to a different registrar because of this very issue- the current registrar's network had solutions which didn't work for our DNSSEC implementation.

idriss m.
  • 51
  • 4