Adding DS records

[Thomas Schulz]

Has anyone been able to get Network Solutions to add DS records for
their domain? I am trying to get DS records added for my domain and
so far it looks like Network Solutions can not do that.

Tom Schulz
Applied Dynamics Intl.
sch...@adi.com

[/dev/rob0]

On Fri, Dec 20, 2013 at 10:04:59AM -0500, Thomas Schulz wrote:
> Has anyone been able to get Network Solutions to add DS records
> for their domain? I am trying to get DS records added for my
> domain and so far it looks like Network Solutions can not do that.

The last time this was asked here was in August:

https://lists.isc.org/pipermail/bind-users/2013-August/091340.html

If I was a NetSol customer, I would ask them, "Why not?"
--
http://rob0.nodns4.us/
Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

[Warren Kumari]

On Dec 20, 2013, at 10:38 AM, /dev/rob0 <ro...@gmx.co.uk> wrote:

> On Fri, Dec 20, 2013 at 10:04:59AM -0500, Thomas Schulz wrote:
>> Has anyone been able to get Network Solutions to add DS records
>> for their domain? I am trying to get DS records added for my
>> domain and so far it looks like Network Solutions can not do that.
>
> The last time this was asked here was in August:
>
> https://lists.isc.org/pipermail/bind-users/2013-August/091340.html
>

> If I was a NetSol customer, I would ask them, "Why not?”

And if I were a NetSol customer, I would ask myself, “Why?”

W

> --
> http://rob0.nodns4.us/
> Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:

> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-...@lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>

--
With Feudalism, it's your Count that votes.

[Mike Hoskins (michoski)]

-----Original Message-----
From: Warren Kumari <war...@kumari.net>
Date: Friday, December 20, 2013 12:15 PM
To: "bind-...@lists.isc.org" <bind-...@lists.isc.org>
Subject: Re: Adding DS records

>On Dec 20, 2013, at 10:38 AM, /dev/rob0 <ro...@gmx.co.uk> wrote:
>
>> On Fri, Dec 20, 2013 at 10:04:59AM -0500, Thomas Schulz wrote:
>>> Has anyone been able to get Network Solutions to add DS records
>>> for their domain? I am trying to get DS records added for my
>>> domain and so far it looks like Network Solutions can not do that.
>>
>> The last time this was asked here was in August:
>>
>> https://lists.isc.org/pipermail/bind-users/2013-August/091340.html
>>
>> If I was a NetSol customer, I would ask them, "Why not?²
>

>And if I were a NetSol customer, I would ask myself, ³Why?²

If I were a capitalist, I'd vote with my wallet and go somewhere with the
features I want.

[Thomas Schulz]

> >> If I was a NetSol customer, I would ask them, "Why not?"
> >
> >And if I were a NetSol customer, I would ask myself, Why?
>
> If I were a capitalist, I'd vote with my wallet and go somewhere with the
> features I want.

Well, we started with them back when they were the only company registering
domain names. And up to now there were no problems (other than perhaps price).

Any recomendations for another company for a .com domain in the US?
I suppose that I could always use the DLV, but I would rather not.

[pgndev]

> Any recomendations for another company for a .com domain in the US

Gandi.net

Great support, including DNSSEC:

http://wiki.gandi.net/en/domains/dnssec
http://doc.rpc.gandi.net/domain/reference.html

[Lightner, Jeff]

FYI: web.com recently bought NetSol and at least one other Registrar that escapes me at the moment. It might be worthwhile to see if any of their companies do this as you might have an easier time transferring and avoid some of the common games Registrars play to prevent it.

I heartily recommend that you NOT go to GoDaddy. Once they have your domain they play all sorts of games to keep it.

On that subject. If you DO decided to transfer domains from one registrar to another be sure to do the following at the old Registrar BEFORE requesting the transfer at the new one:
1) Turn off domain lock - most Registrars have this enabled by default now.
2) Turn off private registration if enabled.
3) Insure the administrative contact email is one you can send email to them from and can receive emails from them.
4) Obtain the transfer authorization code. Most Registrar web sites have "transfer" buttons that are easy to find but these are for transferring domains TO them rather than AWAY. Usually you have to do some research on their sites to find how to generate the code.

Jeffrey C. Lightner
Sr. UNIX Administrator

DS Waters of America, Inc.
5660 New Northside Drive NW
Suite 250
Atlanta, GA 30328

-----Original Message-----
From: bind-users-bounces+jlightner=wate...@lists.isc.org [mailto:bind-users-bounces+jlightner=wate...@lists.isc.org] On Behalf Of Thomas Schulz
Sent: Friday, December 20, 2013 12:59 PM
To: bind-...@lists.isc.org
Subject: Re: Adding DS records

> >> If I was a NetSol customer, I would ask them, "Why not?"
> >
> >And if I were a NetSol customer, I would ask myself, Why?
>
> If I were a capitalist, I'd vote with my wallet and go somewhere with
> the features I want.

Well, we started with them back when they were the only company registering domain names. And up to now there were no problems (other than perhaps price).

Any recomendations for another company for a .com domain in the US?
I suppose that I could always use the DLV, but I would rather not.

Tom Schulz
Applied Dynamics Intl.
sch...@adi.com
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-...@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Athena®, Created for the Cause(tm)
Making a Difference in the Fight Against Breast Cancer

---------------------------------
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.
----------------------------------

[Steven Carr]

On 20 December 2013 18:10, pgndev <pgne...@gmail.com> wrote:
> Gandi.net
> Great support, including DNSSEC:

Gandi only support DNSSEC if you host the DNS elsewhere, their DNS
servers do not support DNSSEC.

Steve

[David Forrest]

gandi.net +1

I transferred from NS to Gandhi in December 1998. I don't know about their
hosting of primary DNS but they do host a secondary of mine and it seems
to resolve there with an aa flag:

; <<>> DiG 9.10.0a1 <<>> -t rrsig @ns6.gandi.net maplepark.com +norec
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64272
;; flags: qr aa; QUERY: 1, ANSWER: 11, AUTHORITY: 5, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;maplepark.com. IN RRSIG

;; ANSWER SECTION:
maplepark.com. 7200 IN RRSIG SPF 5 2 7200
20140117060102 20131220050102 53247 maplepark.com.
37jqijnR2J4+HDefTxLqcbUSshnT5HAWlwJ3XL82ty18UDXJ+excwzWU
6G75VWONF0HIT9Raa8aXeMdhAwgz3KX8+W1WDYs5sIdw59oWSrCw0eWr
uT7qjAvlOX5csEBit6YTBYG6ddDnO4MCqAULziKNKGQcNMBcsQeUbgax XkM=
maplepark.com. 7200 IN RRSIG DNSKEY 5 2 7200
20140117060102 20131220050102 47911 maplepark.com.
U/kQ9v9+5W58P22QrWrfB9TDXLETHTWfXuqRMHRdKiK0RfXKFPWY6b8I
4bZaaYwsyJOqK+e+jO9UM53wjZOFrHGC2WAjMldybFY1k5zvjiRu4wY/
FOWeS8moA3IJBTEPG5/mMC5KhI7fGNILh8r/oa3+vFVLB2T8UMpvKKc3
9dfsJEqa0k4AyL5AqqKWF8j9tNlyR2kIXxjHYVw0GP0ef4nWloikiFs9
vwVCoinqM10lXlRMOSu4px3YhMYFZgiDG4RcPOvZ7uQu7vwhxr7OGG/Y
A49oLk/gonzcFN5cVTA9sUoWNLiYRhkMavU5z/IskaV1xO4rkZiNcmHB HOwgHw==
maplepark.com. 7200 IN RRSIG DNSKEY 5 2 7200
20140117060102 20131220050102 53247 maplepark.com.
Zi7yCTwBShrjydl4Q0Qg/IKnfdl1Qqj8XJKmYE8+iuoP+VdNDMQ8LPky
4CJSwqygJkAql6ppm8FYXFwPZsCU3GfWAc90lbAMzGPUtu8XngZcrBJx
GUeoUndaDOSe2iXd2tws1a2szu6AmE4ku932yvGzlMXR2y4WfH9caAcw fR0=
maplepark.com. 600 IN RRSIG NSEC 5 2 600
20140117060102 20131220050102 53247 maplepark.com.
qsBEyCopGtmQeQr2+gbpewo646pneaDVnaqnYrx2C4fiwedfiJMIhcx9
xAxgH0fG7TZ7zEJOUwCITlWkj1lrU4rH0xVNQaQKYez2pcF+CnGJzy7C
A4SYBRdVXAU/slxu56ahvi7GNS7PHkGJiUVUJh65iEpS2HY3qOdv3CUn jRA=

(...)

--
David Forrest
St. Louis, Missouri

[Steven Carr]

On 20 December 2013 18:37, David Forrest <d...@maplepark.com> wrote:
> gandi.net +1
>
> I transferred from NS to Gandhi in December 1998. I don't know about their
> hosting of primary DNS but they do host a secondary of mine and it seems to
> resolve there with an aa flag:

Yep, secondary works, but they can't be a DNSSEC primary.

Steve

[Leonard Mills]

AIUI, it is not their name servers (which clearly support the records when secondary), it's their hefty customer UI and their support/helpdesk folks that would require a non-cheap upgrade.

That said, I have spent most of a decade as a happy customer of register.com, which was recently Borged by web.com (of which I know absolutely nothing as a customer).

hth,

Len

Steve

[Thomas Schulz]

> > gandi.net +1
> >
> > I transferred from NS to Gandhi in December 1998. I don't know about their
> > hosting of primary DNS but they do host a secondary of mine and it seems to
> > resolve there with an aa flag:
>
> Yep, secondary works, but they can't be a DNSSEC primary.
>
> Steve

We host the primary DNS ourselves with our ISP providing the secondary,
so no problem there. Just to get going, I entered the records using the
DLV. I think that I will get a different registerer early next year, after
the rush of the holidays quiets down. Our contract expires in March, so
this is a reasonable time to do a switch.
Thanks for the advice so far.

[Carl Byington]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 2013-12-20 at 12:08 -0800, Leonard Mills wrote:
> That said, I have spent most of a decade as a happy customer of
> register.com, which was recently Borged by web.com (of which I know
> absolutely nothing as a customer).

I moved from register.com to gkg.net because register.com was not (at
the time, it may have changed) able to handle DS records, or ipv6 glue.
GKG.net does both.

GKG.net has an api that allows me to script the upload of DS records
when we do KSK key rollovers.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEARECAAYFAlK0uI8ACgkQL6j7milTFsFQCwCbBJEbDbn7uGuw+nEVpHSnIXg+
ZSYAnR76g9qvMohLx7xgNn00o/Zc3531
=xLMV
-----END PGP SIGNATURE-----

[Mark Andrews]

In message <alpine.LRH.2.03.1...@maplepark.com>, David Forrest writes:
> On Fri, 20 Dec 2013, Steven Carr wrote:
>
> > On 20 December 2013 18:10, pgndev <pgne...@gmail.com> wrote:
> >> Gandi.net
> >> Great support, including DNSSEC:
> >
> > Gandi only support DNSSEC if you host the DNS elsewhere, their DNS
> > servers do not support DNSSEC.
> >
> > Steve

> gandi.net +1
>
> I transferred from NS to Gandhi in December 1998. I don't know about their
> hosting of primary DNS but they do host a secondary of mine and it seems
> to resolve there with an aa flag:
>

> ; <<>> DiG 9.10.0a1 <<>> -t rrsig @ns6.gandi.net maplepark.com +norec
> ; (1 server found)
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64272
> ;; flags: qr aa; QUERY: 1, ANSWER: 11, AUTHORITY: 5, ADDITIONAL: 3

You don't test for dnssec support by requesting rrsigs. Nameservers
can return rrsigs without supporting dnssec.

You test for dnssec support by doing a request for something else
with "do=1" set (+dnssec) and seeing if rrsig, nsec/nsec3/ds records
are returned along with the rest of the response.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org

[Noel Butler]

On Fri, 2013-12-20 at 12:58 -0500, Thomas Schulz wrote:

Well, we started with them back when they were the only company registering
domain names. And up to now there were no problems (other than perhaps price).

and their highly unethical business practices, OK my experiences with them ended ten years ago, but, that's one book I judged by its cover after
what they did to me.

Any recomendations for another company for a  .com domain in the US?
I suppose that I could always use the DLV, but I would rather not.

T

I use cheapdomainregistration.com , reseller from wild west domains, owned by godaddy, and despite a lot of peoples opinions, I've not in ten years had one single issue with WWD.