FRED Registry Lock

Mathias Timothy timothy at sdnp.org.mw
Tue Jul 28 10:11:07 CEST 2015



> -----Original Message-----
> From: fred-users [mailto:fred-users-bounces at lists.nic.cz] On Behalf Of
> Jaromir Talir
> Sent: Monday, July 27, 2015 12:12 PM
> To: Mark Elkins; fred-users at lists.nic.cz
> Subject: Re: FRED Registry Lock
> 
> On Mon, 2015-07-27 at 11:08 +0200, Mark Elkins wrote:
> > On Mon, 2015-07-27 at 10:50 +0200, Mathias Timothy wrote:
> > > Hello everyone,
> >
> > > Can someone help on:
> > >
> > > 1.       How to lock a domain in the registry to prevent the
> > > registrar
> > > form updating, transferring and deleting the domain.
> 
> Registry lock is done by registrant request to registry on dedicated website.
> In FRED this website is part of fred-whois package. I guess that it has url
> /whois/publicrequest.py bu default. At this website registrant can ask to lock
> domain. Registrant must then send officially signed paper to confirm his
> authenticity. Registry administrator confirms lock in web administration tool
> upon checking valid signature on paper.
> 

Thanks a lot Jaromir for the VERY useful information. I  found it exactly as you expressed

If I may ask, Is it also possible to do it [lock the domain] from the command line [using FRED commands] or in a certain configuration file when the Registrant has sent the request for the lock of the domain through the web form??

Confirming the  lock of domain  in web administration tool is really convenient and great but I just want to know if it can be in another way as asked above.

Regards,

Timothy

> More info here http://fred.nic.cz/files/fred/fred-locking.pdf
> 
> > I'm curious, will this block DNSSEC updates?
> >
> > Would a Registrar Update-Lock block DNSSEC updates?
> >
> > Hmm..
> 
> FRED has dedicated object called Keyset to maintain dnssec material (DNSKEY
> objects). You can update keyset even if domain is locked for updates. If you
> want to block Keyset updates you have to ask to lock Keyset the same way
> how domain is locked. So even when domain is locked, registrar can still
> rotate keys (for example). However registrar cannot unlink keyset from
> domain.
> 
> Jaromir
> 
> > >
> > > Thanks in advance
> > > Regards,
> > > Timothy
> >
> >
> > _______________________________________________
> > fred-users mailing list
> > fred-users at lists.nic.cz
> > https://lists.nic.cz/cgi-bin/mailman/listinfo/fred-users
> --
> Jaromir Talir
> technicky reditel / Chief Technical Officer
> -------------------------------------------
> CZ.NIC, z.s.p.o.  --    .cz domain registry
> Milesovska 5, 130 00 Praha 3, Czech Republic mailto:jaromir.talir at nic.cz
> http://nic.cz/ sip:jaromir.talir at nic.cz tel:+420.222745107
> mob:+420.739632712       fax:+420.222745112
> -------------------------------------------
> 
> 
> _______________________________________________
> fred-users mailing list
> fred-users at lists.nic.cz
> https://lists.nic.cz/cgi-bin/mailman/listinfo/fred-users



More information about the fred-users mailing list