[Systems] Gandi support status for AAAA and DNSSEC (was Re: Fwd: Gandi donates large amount of account credit to Conservancy for VPS's, domain registration, and SSL certificates)
bernie at sugarlabs.org
Thu Aug 2 15:22:37 EDT 2012
On Thu, 2012-08-02 at 11:46 -0400, Bradley M. Kuhn wrote:
> Bernie Innocenti wrote at 14:08 (EDT) on Wednesday:
> > I transferred the SL domains from Gandi to name.com a few years ago
> > because Gandi did not support setting DS records in the .org tld (for
> > DNSSEC support), nor AAAA glue records (for full IPv6 support).
> AAAA records appear to be available from the default Gandi control panel
> for Gandi-hosted DNS.
I meant the "AAAA glue records" that the registrar needs to store into
the .org TLD to break the circular dependency between a domain and its
> Sadly, Gandi still says in the panel:
> >>> It is not currently possible to use DNSSEC with Gandi's DNS servers.
> So, they support it only as a secondary DNS server. They have no way to
> host it themselves:
> However, it seems this would work for you, no? It seems sugarlabs.org
> uses its own DNS servers:
> Name Server:NS1.CODEWIZ.ORG
> Name Server:NS1.SUGARLABS.ORG
> Name Server:NS2.SUGARLABS.NET
We do maintain our own DNSSEC keys and sign the zones ourselves.
However, there's still one bit of work that must be done by the
registrar: store our "Delegation Signer" record into the .org zone to
enable external sites verify our signature recursively:
Sugar Labs Infrastructure Team
More information about the Systems