FRED Registry Lock

Jaromir Talir jaromir.talir at nic.cz
Mon Jul 27 12:12:11 CEST 2015


On Mon, 2015-07-27 at 11:08 +0200, Mark Elkins wrote:
> On Mon, 2015-07-27 at 10:50 +0200, Mathias Timothy wrote:
> > Hello everyone,
> 
> > Can someone help on:
> > 
> > 1.       How to lock a domain in the registry to prevent the 
> > registrar
> > form updating, transferring and deleting the domain.

Registry lock is done by registrant request to registry on dedicated
website. In FRED this website is part of fred-whois package. I guess
that it has url /whois/publicrequest.py bu default. At this website
registrant can ask to lock domain. Registrant must then send officially
signed paper to confirm his authenticity. Registry administrator
confirms lock in web administration tool upon checking valid signature
on paper.

More info here http://fred.nic.cz/files/fred/fred-locking.pdf

> I'm curious, will this block DNSSEC updates?
> 
> Would a Registrar Update-Lock block DNSSEC updates?
> 
> Hmm..

FRED has dedicated object called Keyset to maintain dnssec material
(DNSKEY objects). You can update keyset even if domain is locked for
updates. If you want to block Keyset updates you have to ask to lock
Keyset the same way how domain is locked. So even when domain is
locked, registrar can still rotate keys (for example). However
registrar cannot unlink keyset from domain.

Jaromir

> > 
> > Thanks in advance 
> > Regards,
> > Timothy
> 
> 
> _______________________________________________
> fred-users mailing list
> fred-users at lists.nic.cz
> https://lists.nic.cz/cgi-bin/mailman/listinfo/fred-users
-- 
Jaromir Talir
technicky reditel / Chief Technical Officer
-------------------------------------------
CZ.NIC, z.s.p.o.  --    .cz domain registry
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:jaromir.talir at nic.cz  http://nic.cz/
sip:jaromir.talir at nic.cz tel:+420.222745107
mob:+420.739632712       fax:+420.222745112
-------------------------------------------




More information about the fred-users mailing list