You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Create background job for validating dnssec trust chains of the domains that have DS records in .ee TLD zones.
Similar to host validation and csync processes
mark ds records that have been added to the registry by csync as valid (no need to validate those records at least for a year)
validate all un-validated ds records
check that the dnskey exist in all the nameservers associated with the domain - by both IPv4 and IPv6 addresses
if invalid ds record is found on three consecutive validation runs then remove it from .ee zone
notify registrar and registrant - message must include list of misconfigured host records
notify registrar via poll message
notify technical contact about removing dn record from the zone via email
testing:
1)
add ds record to a domain that has the same key in all its nameservers (both ipv4 and ipv6 ip addresses)
run validator - no issues
add ds record to a domain that has no dnskeys in its hosts
run validator - ds record is marked as invalid for the first time, record is created to a validation table
run validator third time - third record is created in validations table, DS record is removed from the .ee TLD zones
notification arrived to the registrar as a poll message
notification arrived to technical contact about removing dn record from the zone via email
email notification is sent to registrant and admin if tech contact is missing or has invalid email address
add ds record to a domain that has one misconfigured host and at least one proper ns server
run validator - ds record is marked as invalid for the first time and second time, record(s) are created to a validation table
run validator third time - third record is created in validations table, DS record is removed from the .ee TLD zones
notification arrived to the registrar as a poll message
notification arrived to technical contact about removing dn record from the zone via email
email notification is sent to registrant and admin if tech contact is missing or has invalid email address
add ds record to a domain with correct key value but incorrect algorithm
run validator - ds record is marked as invalid for the first time, record is created to a validation table
run validator third time - third record is created in validations table, DS record is removed from the .ee TLD zones
notification arrived to the registrar as a poll message
notification arrived to technical contact about removing dn record from the zone via email
email notification is sent to registrant and admin if tech contact is missing or has invalid email address
what other issues can there be in relation to dnssec trust chain validation
The text was updated successfully, but these errors were encountered:
Create background job for validating dnssec trust chains of the domains that have DS records in .ee TLD zones.
Similar to host validation and csync processes
if invalid ds record is found on three consecutive validation runs then remove it from .ee zone
notify registrar and registrant - message must include list of misconfigured host records
notify registrar via poll message
notify technical contact about removing dn record from the zone via email
testing:
1)
The text was updated successfully, but these errors were encountered: