We encountered the same issue. DNSSEC records get removed on transfer and have to be re
(As it is with all Domain Information (Owner, Admin, DNS Records etc)
I have not tried yet to register two domains with the same key, as all our domains have
different keys anyway.
On 11/05/15 14:18, Benoit Panizzon wrote:
Hmm, I'm now also forced to transfer my domains to a new registrar :-). I had
to select one of the few that support DNSSEC and IPv6 Glue Records and publish
IPv6 addresses for their own DNS Servers.
But the transfers is a big bumpy... First I got a duplicate key error, related
to the fact, that I signed all my domains with the same key. That was not a
problam at Switch, but the new registrar claims my domains need a unique key
each, for which I can manage the glue records _after_ the transfer.
The registrar tells me, Switch does not support transfering signed domains. In
case of a .ch domain, the 'SEC' key would need to be removed prior to the
The switch 'transfer' helpdesk told me, that they have not yet heard about
that problem and transfering signed domains should not be a problem. But I got
the feeling that the agent was not so well informed about the topic DNSSEC.
So did anyone succeed to transfer a signed domains from one registrar to
another? Or is it mandatory to first remove the DS glue records at switch?
PS: At IMP we also ended up with multiple copies of our 'DNS Admin' Switch NIC
handle at the different registrars to which we have no access anymore because
those handels are now owned by customer who transfered their domains.
Wouldn't it be a future improvement to have some kind of handles shared by all
the registrars? Solved by openid or a similar technique?
Mit freundlichen Grüssen
Matthias Cramer / mc322-ripe Senior Network & Security Engineer
iway AG Phone +41 43 500 1111
Badenerstrasse 569 Fax +41 44 271 3535
CH-8048 Zürich http://www.iway.ch/
GnuPG 1024D/2D208250 = DBC6 65B6 7083 1029 781E 3959 B62F DF1C 2D20 8250