
[Feature request] Support CDS/CDNSKEY

Open MrRinkana opened this issue 9 months ago • 3 comments

Hello! Reading through the documentation about signing domains with DNSSEC; in the key roll-over section it is mentioned that (KSK) keys need to be manually uploaded to the registrar.

However there exists a method that allows, if supported by the registrar, for that process to be automatic: "CDS/CDNSKEY" - which are detailed in RFC 8078.

My registrar supports this and claims other large registrars such as Cloudflare, Wix and Google Domains also do (at least publish those records), although I have not checked how established this is myself.

It would be awesome if Technitium DNS server supported publishing CDS/CDNSKEY such that KSK key roll-over can be automatic with registrars that monitor those records. It also allows disabling DNSSEC validation entirely if needed.

Thank you for this awesome software!

MrRinkana, Mar 31 '25 00:03
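As an added illustration of the records this request is about (not part of the thread and not Technitium DNS Server code), the sketch below derives the CDS and CDNSKEY lines a child zone would publish for a KSK and recognizes the RFC 8078 delete signal. The function names and the sample key are constructed for the example; the key bytes are a placeholder pattern, not a real public key.

```python
import base64
import hashlib
import struct

# Constructed sample KSK: flags 257, protocol 3, algorithm 13; the 64 key bytes
# are a placeholder pattern, not a real ECDSA P-256 public key.
SAMPLE_KEY_B64 = base64.b64encode(bytes(range(64))).decode()

def name_to_wire(name):
    """Canonical wire form of an owner name: lowercase, length-prefixed labels."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, algorithm, pubkey_b64):
    """DNSKEY RDATA: flags (2 bytes), protocol (always 3), algorithm, key."""
    return struct.pack("!HBB", flags, 3, algorithm) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (16-bit sum with the carry folded in)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def child_records(owner, flags, algorithm, pubkey_b64):
    """Return (CDS, CDNSKEY) presentation lines a child zone would publish."""
    rdata = dnskey_rdata(flags, algorithm, pubkey_b64)
    # Digest type 2 = SHA-256 over canonical owner name + DNSKEY RDATA.
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()
    cds = f"{owner} IN CDS {key_tag(rdata)} {algorithm} 2 {digest}"
    cdnskey = f"{owner} IN CDNSKEY {flags} 3 {algorithm} {pubkey_b64}"
    return cds, cdnskey

def is_delete_request(rrtype, rdata_text):
    """RFC 8078 delete signal: algorithm 0, published as CDS '0 0 0 00' or
    CDNSKEY '0 3 0 AA=='. A parent that honours it removes the DS RRset."""
    fields = rdata_text.split()[:3]
    return fields == {"CDS": ["0", "0", "0"], "CDNSKEY": ["0", "3", "0"]}.get(rrtype)

if __name__ == "__main__":
    for line in child_records("example.com.", 257, 13, SAMPLE_KEY_B64):
        print(line)
```

A parent or registrar that polls these records is expected to accept them only when they validate under the DS set it already holds, which is why the delete signal has to be published in the signed zone as well.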

Thanks for the compliments and request. This is already on my to-do list but is not being prioritized since it's not very popular. There are many DNSSEC features planned, like online signing, so mostly will take this up during that phase.

ShreyasZare, Mar 31 '25 09:03