FRED Registry Lock

Jaromir Talir jaromir.talir at
Mon Jul 27 12:12:11 CEST 2015

On Mon, 2015-07-27 at 11:08 +0200, Mark Elkins wrote:
> On Mon, 2015-07-27 at 10:50 +0200, Mathias Timothy wrote:
> > Hello everyone,
> > Can someone help on:
> > 
> > 1.       How to lock a domain in the registry to prevent the 
> > registrar
> > form updating, transferring and deleting the domain.

Registry lock is done by registrant request to registry on dedicated
website. In FRED this website is part of fred-whois package. I guess
that it has url /whois/ bu default. At this website
registrant can ask to lock domain. Registrant must then send officially
signed paper to confirm his authenticity. Registry administrator
confirms lock in web administration tool upon checking valid signature
on paper.

More info here

> I'm curious, will this block DNSSEC updates?
> Would a Registrar Update-Lock block DNSSEC updates?
> Hmm..

FRED has dedicated object called Keyset to maintain dnssec material
(DNSKEY objects). You can update keyset even if domain is locked for
updates. If you want to block Keyset updates you have to ask to lock
Keyset the same way how domain is locked. So even when domain is
locked, registrar can still rotate keys (for example). However
registrar cannot unlink keyset from domain.


> > 
> > Thanks in advance 
> > Regards,
> > Timothy
> _______________________________________________
> fred-users mailing list
> fred-users at
Jaromir Talir
technicky reditel / Chief Technical Officer
CZ.NIC, z.s.p.o.  --    .cz domain registry
Milesovska 5, 130 00 Praha 3, Czech Republic
mailto:jaromir.talir at
sip:jaromir.talir at tel:+420.222745107
mob:+420.739632712       fax:+420.222745112

More information about the fred-users mailing list