DNSSEC - DNS/domain providers that enable DANE DNS records [closed]

bind postfix dnssec

Our company registered domain "example.eu" with Gandi which has a "one click solution" to enable the DNSSEC for our domain's zone. So we enabled it, waited until dnsviz inspection tool showed us that our parent zone (.eu) got the hashed public KSK from Gandi and they published it in their DS record that now authenticates our zone "example.eu").

We were also expecting from Gandi to send us the private KSK so that we could continue the chain of trust but they haven't sent anything. On their site it is also impossible to add any kind of DNSSEC DNS records like TLSA, DS...

So it looks like they support DNSSEC but don't support DANE authentication... Probably they would loose some buisness because DANE works with self-signed certifficates and would prevent companies like Gandi to make easy money by playing a role of CA and selling certifficates. DANE is a direct replacement for system of stupid CA authorities that works with self-signed certifficates!

So does anyone know of a better domain registrar that would offer us ability to manually add DANE records like DS, TLSA...?

We need TLSA records support in order to authenticate Postfix e-mail server using DANE and we need DS records support to authenticate any other physical machine using DANE and therefore continue a chain of trust.


Gandi supports DANE TLSA records and further secure delegation (DS records) via their LiveDNS API:

RecordType

One of :

A, AAAA, ALIAS (not yet supported with dnssec-enabled domains), CAA, CDS, CNAME, DNAME, DS, KEY, LOC, MX, NS, OPENPGPKEY, PTR, SPF, SRV, SSHFP, TLSA, TXT, WKS

Related

Docker: Running a Linux distribution different from the one in the host
Roundcube restricts attachment below declared limit
How many charts are needed to cover a 2-torus?
What does $dx$ mean in differential form?
Writing a GCD of two numbers as a linear combination
Can numbers exist outside of the number space?
Tangent bundle of $S^1$ is diffeomorphic to the cylinder $S^1\times\Bbb{R}$
homeomorphism non-example
Evaluate $\frac{ 1 }{ 1010 \times 2016} + \frac{ 1 }{ 1012 \times 2014} + \frac{ 1 }{ 1014 \times 2012} + \cdots + \frac{ 1 }{ 2016 \times 1010} = ?$
What is the difference between Eigenvectors and the Kernel or Null Space of a matrix?
Solve $x^7-5x^4-x^3+4x+1=0$ for $x$
How find this integral $I=\int_{-1}^{1}\frac{dx}{\sqrt{a^2+1-2ax}\sqrt{b^2+1-2bx}}$