On Friday we learned that Gandi.net is joining the ranks of domain name registrars supporting DNSSEC. In a blog post on their “Gandi Bar” site, “Thomas” outlines the level of support Gandi.net is providing and points over to a wiki post explaining in more detail how to set up DNSSEC for your domains.
It’s important to note that Gandi.net is not providing DNSSEC-signing services – and in fact you cannot use Gandi.net’s own DNS servers for hosting your DNS as their hosting servers do not provide DNSSEC support yet. However, if you host your DNS records on a service that does support DNSSEC, Gandi.net can handle all the relevant Delegation Signer (DS) records for you. We previously provided a step-by-step example of configuring DNSSEC in this manner using GKG.net. It seems that Gandi.net works in a similar manner although it appears you provide them with your full public key and they then generate the relevant DS records.
What is nice to see is that Gandi.net supports a wide range of top-level domains (TLDs), including:
- .fr (+ .re, .yt, .pm, .wf, .tf)
Further, in their blog post they commit to providing support for even more TLDs in the future. Given that ICANN’s list of DNSSEC-enabled registrars only lists a few registrars supporting multiple TLDs, this news out of Gandi.net is great to see.
We’ve queued them up to add to our list of tutorials for signing your domain with DNSSEC using domain name registrars and look forward to seeing more DNSSEC-signed domains coming out of Gandi.net customers.
P.S. Have you signed your domain today?