DNSSec and GoDaddy and IPv6 (cross-posted)

Frank Bulk frnkblk at iname.com
Tue Dec 8 00:50:11 CET 2015


Just for the record -- worked with GoDaddy over the last few weeks to find
out why I can't get DS keys added to a zone, onlyv6.com.  Their DS-adding
interface (selective and bulk) errors out.  

It culminated today with lots of back and forth with the front-line support
(that interfaces, via chat, with the Advanced Technical Support team).
After some red herrings about lack of connected to our nameservers (I had to
send screenshots that I could ping all three nameservers), a concern that a
nameserver didn't have a matching PTR record, and that not all nameservers
were at the same serial number (one was at a slightly older one), it came
down to that they require two working IPv4-enabled nameservers in order to
add a DS key.  Having an IPv6-only zone is apparently not acceptable.  Kudos
to the two front-line support reps that were professional and did their
level best (though one remarked he had never seen an IP address like that
before).

I suspect that GoDaddy's backend DS validation system has some kind of bug
that prevents contact with an IPv6-only zone.

Anyone know of a registrar that supports both IPv6 and DNSsec?

Frank




More information about the ipv6-ops mailing list