I’ve had pdnssec running for this domain and a few others for some time now and the domains have been signed “locally” in preparation for signing by the parent domain.
This works really nicely and now that I’m doing consultancy and contract work I thought I’d look into how I get the domain signed by the parent so I can offer DNSSEC as an option to my clients.
Thanks to a post on the dnssec-deployment mailing list I found a list of registrars that had passed accreditation for DNSSEC on .ORG – note the very careful wording at the top of that page:
A registrar who has passed OT&E for DNSSEC will have a “Yes” indicator below. This does not indicate whether the registrar has enabled a DNSSEC service for the registrants. Please contact the registrars directly for their DNSSEC service.
So I emailed a five of the registrars that have been approved asking how I could sign a domain that had I already purchased and was hosting on my own servers…
I’m still waiting for two of them to come back to me, however all of the responses so far have been along the lines of
We don’t provide DNSSEC at the moment but we are planning to next year (2012).
If you would like to purchase a domain from us, please contact us on xxx-xxx-xxxx
(An aside here to technical companies: If I send you an email stating I already have a domain that I want to integrate with your systems, please don’t try and sell me a new one…)
I’ve ended up having to email organisations such as Nominet directly and even they have passed it to “second line” support.
At this point I can only conclude that the world isn’t ready for dnssec yet which is a real shame as it would be far less hassle than implementing IPv6…
I’ll post more updates here as they become available.
I use DynDNS both personally and at work; they have DNSSEC (DS record) and IPv6 support for at least com, net and org. Tested GoDaddy but never really liked them; I pulled that test domain over to Dyn two weeks ago.
I’ve been told that gkg.net, InternetX, Gandi and NamesBeyond support DNSSEC, and Joker can do it through a tech support request, though I don’t have direct experience with any of them. Some folks recommended gkg.net for the API that they expose, but I don’t have any need for automation. I actually liked our old registrar and tried to convince them that DNSSEC and v6 glue were important, just couldn’t get any traction.
We’ve had a positive response to our RESTful interface for DS record management, but we would love to hear your personal feedback so we can continue to improve our DNSSEC support. (https://www.gkg.net/ws/ds.html)
The world is definitely ‘ready’ for DNSSEC, the support for it just doesn’t seem to be developing as fast as it should be. 🙂
Thanks and take care