Deploy360 6 March 2012

Gandi.net Adds Support For DNSSEC DS Records

By Dan YorkSenior Advisor

Gandi netOn Friday we learned that Gandi.net is joining the ranks of domain name registrars supporting DNSSEC. In a blog post on their “Gandi Bar” site, “Thomas” outlines the level of support Gandi.net is providing and points over to a wiki post explaining in more detail how to set up DNSSEC for your domains.

It’s important to note that Gandi.net is not providing DNSSEC-signing services – and in fact you cannot use Gandi.net’s own DNS servers for hosting your DNS as their hosting servers do not provide DNSSEC support yet. However, if you host your DNS records on a service that does support DNSSEC, Gandi.net can handle all the relevant Delegation Signer (DS) records for you. We previously provided a step-by-step example of configuring DNSSEC in this manner using GKG.net. It seems that Gandi.net works in a similar manner although it appears you provide them with your full public key and they then generate the relevant DS records.

What is nice to see is that Gandi.net supports a wide range of top-level domains (TLDs), including:

  • .be
  • .biz
  • .com
  • .de
  • .eu
  • .fr (+ .re, .yt, .pm, .wf, .tf)
  • .net
  • .se
  • .us

Further, in their blog post they commit to providing support for even more TLDs in the future.  Given that ICANN’s list of DNSSEC-enabled registrars only lists a few registrars supporting multiple TLDs, this news out of Gandi.net is great to see.

We’ve queued them up to add to our list of tutorials for signing your domain with DNSSEC using domain name registrars and look forward to seeing more DNSSEC-signed domains coming out of Gandi.net customers.

P.S. Have you signed your domain today?

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related Posts

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...