Ask Slashdot: Which Registrars Support DNSSEC? 70
baerm writes "With GoDaddy being purchased by private equity firms (i.e. it will be sucked dry with service reduction and price increases until it dies) what other Registrars support DNSSEC? GoDaddy is the only registrar I could find that supports DNSSEC for registrees running their own DNS. It was fairly easy to add the Key Signing Keys' DS records to the parent zone using its DNS config. I did find a couple other registrars that were 'testing' DNSSEC or that would support DNSSEC if they ran your DNS. But I couldn't find any other registrars where you could just register, run your own DNS, and use DNSSEC (i.e. with your DS record in your parent zone). That being said, I was only able to research a small percentage of the registrars out there. Does anyone know of registrars, other than GoDaddy, that allow for DNSSEC? That is, registrars that have a method to pass the DS records to the parent zones for their registeree's domains?"
Comment removed (Score:3, Informative)
Registrars that support DNSSEC (Score:5, Informative)
Name.com and Network Solutions are two of the big, well-known registrars that support DNSSEC. .org was the first to support DNSSEC.
Here's a list of registrars that support DNSSEC for .org: http://www.pir.org/get/registrars?order=field_dnssec_value&sort=desc [pir.org]
Re:Why do we immediately assume GoDaddy will suck? (Score:4, Informative)
If their service slips does that mean that they'll not longer shill bid on their own domain auctions, improperly block users from transferring domains to other registrars and arbitrary suspend registrants like seclist.org? Anyone who uses GoDaddy as a registrar is ignorant of what they do.
Re:It's expensive.. (Score:3, Informative)
correct, there is a 2500$ non-refundable fee, plus a 175000$ payment upon approval, plus you must have 70000 extra just in case, plus you must prove that you can run a profitable operation and tons of other impediments.
ICANN and verizon control everything and they want to keep it that way.
We are actually thinking about an open source registrar model, but those costs are making it very difficult.
There is a great market there, ICANN only charges like 23cents a year for the name, godaddy and the rest of the registrars are making a killing! profit from it, 48000 domains, you make the numbers!
GKG and InternetX support DNSSEC (Score:4, Informative)
I strongly recommend using GKG.net, as they have the best (automated) XML interface that I know of. See their documentation [gkg.net]
InternetX also has a good interface, but it is a little more complex to get going.
Those, as well as GoDaddy, which you can only process using ugly web scraping with BeautifulSoup and Mechanize, were the first ones we supported in our DNSSEC Signer product.
Paul Wouters, DNSSEC Evangelist at Xelerance
Re:DynDNS does it (Score:4, Informative)
Yep, we support DNSSEC on .com, .net, .org, .biz, and .se. No need to use us for DNS (although you certainly can, any DynECT Managed DNS products support DNSSEC).