Hi Benoit
Transfer of a DNSSEC signed domain is supported by SWITCH, of course.
The problem is that many registrars fail to accept a DNSSEC signed
domain which has *two* or more DS records for a single DNSKEY. As SWITCH
used to publish digest type 1, 2 (and later 4) for each signed domain
(if you were a direct customer of SWITCH) this setup is common. If I
remember correctly, there are still about 180 such domain names in ch.
Both I privately and we at SWITCH stumbled over this issue when
transferring a signed domain. There are two workarounds:
1) you remove DNSSEC for your domain during the transfer
2) you tell SWITCH to remove all but *one* DS record for your signed
domain. Afterwards, the transfer works just fine.
In the meantime, SWITCH is trying to educate the registrars we know of
who have problems with accepting signed domains with more than one
digest. If you don't mind, please send me the name of the registrar
directly.
We are also in the process of implementing a DNSSEC test procedure which
registrars have to do before they can send/receive DNSSEC data over EPP.
Maybe we should have done this earlier.
Daniel
--
SWITCH
Daniel Stirnimann, SWITCH-CERT
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 15, direct +41 44 268 16 24
daniel.stirnimann(a)switch.ch,
http://www.switch.ch
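
The DS setup described in the message above, as an added example that is not part of the original message or of SWITCH's tooling: it derives DS records with digest types 1, 2 and 4 from a single DNSKEY and reports which keys have more than one DS, which is the condition to check before a transfer. The owner name `example.ch.`, the placeholder key bytes and all function names are assumptions made for illustration.

```python
import base64, hashlib, struct
from collections import defaultdict

# DS digest type -> hash function (1 = SHA-1, 2 = SHA-256, 4 = SHA-384)
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}

def name_to_wire(name):
    """Canonical (lower-case) wire form of the owner name."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA: flags, protocol, algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """Key tag as in RFC 4034 Appendix B (not valid for algorithm 1)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + (acc >> 16)) & 0xFFFF

def make_ds(owner, rdata, digest_type):
    """Return (key tag, algorithm, digest type, hex digest) for one DNSKEY."""
    digest = DIGESTS[digest_type](name_to_wire(owner) + rdata).hexdigest().upper()
    return (key_tag(rdata), rdata[3], digest_type, digest)

def keys_with_multiple_ds(ds_set):
    """Map (key tag, algorithm) -> digest types, for keys with more than one DS.
    Key tags are not unique, so a hit means "inspect this DS set", not proof."""
    by_key = defaultdict(list)
    for tag, alg, dtype, _ in ds_set:
        by_key[(tag, alg)].append(dtype)
    return {k: sorted(v) for k, v in by_key.items() if len(v) > 1}

# Constructed sample: 64 placeholder bytes stand in for an algorithm 13 public key.
OWNER = "example.ch."
RDATA = dnskey_rdata(257, 3, 13, base64.b64encode(bytes(range(64))))
DS_SET = [make_ds(OWNER, RDATA, t) for t in (1, 2, 4)]

if __name__ == "__main__":
    for tag, alg, dtype, digest in DS_SET:
        print(f"{OWNER} IN DS {tag} {alg} {dtype} {digest}")
    for (tag, alg), types in keys_with_multiple_ds(DS_SET).items():
        print(f"key tag {tag} (algorithm {alg}) has DS digest types {types}")
```

An empty result from `keys_with_multiple_ds` corresponds to the state after the second workaround, where only one DS record per key remains.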