[rpd] New Proposal: Lame delegations in AFRINIC reverse DNS

[Joe Abley]

On 15 Apr 2017, at 12:46, Mark Elkins <mje at posix.co.za> wrote:

> Hmm..Reminds me that  I have asked previously if we could have some sort
> of (non-mail) automated, secure way of doing DNSSEC updates at AFRINIC,
> either EPP or something, but that's another topic.

There are EPP extensions that could be reused from the domain registry world, but I don't know how many favours you'd be doing to ISPs if you chose that interface since unless they also happen to be a registrar, it's probably a lot of work they are not interested in doing.

ARIN did quite a bit of work on a REST interface for managing number resources, including (I think) nameservers for reverse delegation. The hardest thing with a REST interface is getting the data model right, and I presume there are end-user tools that already exist to use it; that's the most obvious option to me.

CIRA (the .CA people) have a project underway to allow registrants to manage DS changes in an already-signed child zone using CDS records (RFC 8078). That's maintenance rather than bootstrapping (since you can't trust the CDS until it's signed) but if there was interest in trying that in the reverse tree I'm sure they'd be very happy to talk about sharing code or experiences.


Joe