Application describes way to change hosting on DNSSEC enabled domains without any downtime.
Domain Name System Security Extensions (DNSSEC) bring all sorts of security benefits, but they can make changing hosting providers more challenging.
Verisign has filed a patent application for systems and methods for making the process of changing web hosts on a DNSSEC-enabled domain easier (pdf).
Here’s the challenge, as the company describes in its application named “Transfer of DNSSEC Domains”:
With the introduction of DNSSEC into vast registries, such as the .com and .net registries, DNS hosting transfer of a DNSSEC enabled domain brings with it the potential for resolution problems. Such problems may result in domains not resolving securely, or not resolving at all, which can have significant detrimental effects on e-commerce and other high-traffic sites. For DNSSEC enabled domains, in addition to managing the switchover of nameservers, the change in registrars and/or hosts involves managing the Delegation Signer (DS) resource records in the parent zone and the list of DNSKEY records across the old and new child zones to ensure that the DNSSEC chain will continuously validate during the transfer.
And here’s the gist of what Verisign wants to patent:
Systems and methods of transferring a DNSSEC enabled domain from a losing hosting provider to a gaining hosting provider are described in which the transfer of the domain may be achieved without disruption to a DNSSEC validation of the domain. Systems and methods, such as those directed to registry and/or registrar servers, may include transferring a DNSKEY or Delegation Signer (DS) record from a gaining hosting provider to a losing hosting provider prior to transferring the domain from the losing hosting provider to the gaining hosting provider. A gaining hosting provider may sign DNS records of the domain with the gaining hosting provider DNSKEY prior to transferring the domain from the losing hosting provider to the gaining hosting provider. Additionally, a registry server, or similar device, may be configured to act as an intermediary between the losing hosting provider and the gaining hosting provider during the transfer process.
The application was filed April 1, 2011 and just published yesterday.
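To see why the gaining provider's key has to reach the losing provider before the switch, here is a simplified model of the transfer sequence quoted above. It is an added example, not code from Verisign or the application, and it checks every mix of cached and fresh records a validating resolver could hold at each stage. Assumptions: one key per provider signs both its DNSKEY RRset and its data, each stage lasts longer than the longest TTL so caches only mix adjacent stages, and all names and stage plans are constructed.

```python
from itertools import product

OLD, NEW = "losing-key", "gaining-key"  # constructed labels, one key per provider

def state(ds, ns, losing_keys, gaining_keys):
    """One stage: parent DS set, delegated provider, each provider's DNSKEY RRset."""
    return {"ds": set(ds), "ns": ns,
            "zones": {"losing": (set(losing_keys), OLD),   # (DNSKEY RRset, signing key)
                      "gaining": (set(gaining_keys), NEW)}}

def validates(ds, keyset, keyset_signer, data_signer):
    """Simplified chain check: DS -> DNSKEY RRset -> signed data."""
    anchored = keyset_signer in keyset and keyset_signer in ds
    return anchored and data_signer in keyset

def broken_stages(plan):
    """Indexes of stages where some mix of cached and fresh records fails to validate."""
    bad = []
    for i, cur in enumerate(plan):
        window = [plan[i - 1], cur] if i else [cur]
        ds_opts = [s["ds"] for s in window]
        zones = [s["zones"][s["ns"]] for s in window]  # zones resolvers could have queried
        for ds, (keys, ksigner), (_, dsigner) in product(ds_opts, zones, zones):
            if not validates(ds, keys, ksigner, dsigner):
                bad.append(i)
                break
    return bad

# Everything switched at once: DS and nameservers flip together.
NAIVE = [state({OLD}, "losing", {OLD}, {NEW}),
         state({NEW}, "gaining", {OLD}, {NEW})]

# Both DS records are published, but the providers never exchange DNSKEYs.
NO_KEY_EXCHANGE = [state({OLD}, "losing", {OLD}, {NEW}),
                   state({OLD, NEW}, "losing", {OLD}, {NEW}),
                   state({OLD, NEW}, "gaining", {OLD}, {NEW}),
                   state({NEW}, "gaining", {OLD}, {NEW})]

# Gaining key is published by the losing provider before the nameserver switch.
PREPUBLISHED = [state({OLD}, "losing", {OLD}, {OLD, NEW}),
                state({OLD}, "losing", {OLD, NEW}, {OLD, NEW}),
                state({OLD, NEW}, "losing", {OLD, NEW}, {OLD, NEW}),
                state({OLD, NEW}, "gaining", {OLD, NEW}, {OLD, NEW}),
                state({NEW}, "gaining", {OLD, NEW}, {OLD, NEW}),
                state({NEW}, "gaining", {OLD, NEW}, {NEW})]

if __name__ == "__main__":
    for name, plan in [("naive", NAIVE), ("no key exchange", NO_KEY_EXCHANGE),
                       ("prepublished", PREPUBLISHED)]:
        print(name, broken_stages(plan))
```

The second plan fails at the nameserver switch even though both DS records are in the parent, because a resolver holding the losing provider's cached DNSKEY RRset cannot verify data signed by the gaining provider's key.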