[conspire] Gandi.net is my Jedi, now (was: Customer wants to give your firm money; support won't allow me)

Michael Paoli michael.paoli at berkeley.edu
Thu Jun 13 23:39:03 PDT 2024 

On Sat, Jun 8, 2024 at 2:09 AM Michael Paoli <michael.paoli at berkeley.edu> wrote:
>
> I'd like to see their API / web page have option, per domain,
> to enable management via CDS and/or CDNSKEY per RFC 7344, etc.
> ...
> Okay, I submitted request:
> Date: Sat, 08 Jun 2024 08:46:00 +0000
> Subject: [GANDI] Your request 155532 was received - API & Web: feature
> request: DNSSEC: add capability to manage via CDNSKEY/CDS records
> I'm not expecting they'll implement it anywhere close to overnight ...
> but perhaps by the time they roll out their next version of their API
> back-end).  They're currently up to their API version 5.

And yes, submitted, got response, and hopefully will be
implemented - at least at some point in future (see further below).

And compare that to, oh, e.g.
registrar(s) that can't even handle updating glue records:
https://www.wiki.balug.org/wiki/doku.php?id=system:registrars#jokercom
Or that struggle mightily with whois data and can't even handle
allowing one to manually renew domain(s)
for a year without setting up autorenew:
https://www.wiki.balug.org/wiki/doku.php?id=system:registrars#iwantmynamecom_key-systemsnet
Or that more than a decade on, still can't have an interface that
allows customers to set/update
IPv6 glue records, without having to go through creating support tickets:
https://www.wiki.balug.org/wiki/doku.php?id=system:registrars#namecheapcom
etc, etc.

So, yeah, best to pick registrar that doesn't suck.
And if ever things change on that ... yeah, sometimes becomes
time to move, e.g.:
https://www.wiki.balug.org/wiki/doku.php?id=system:registrars#dreamhostcom

Anyway, the response I got from Gandi on my feature request (first
time in about a decade I've had any reason to open a support request
with 'em ... mostly 'cause stuff "just works") ... and as far as I'm aware,
they don't have a separate "feature request" system or the like, at least
that I could easily spot.

From: Gandi Customer Care <help at support.gandi.net>
Date: Mon, Jun 10, 2024 at 8:28 AM
Subject: [Helpdesk Gandi] 155532 : API & Web: feature request: DNSSEC:
add capability to manage via CDNSKEY/CDS records
To: Michael Paoli <michael.paoli at berkeley.edu>

Thank you for contacting Gandi support, and for your interest in our
web solutions.

Thank you very much for this suggestion : I'll forward it to my
colleague developer which will discuss it,

I am at your disposal should you need any further information.

On 2024 M06 8 08:46:00 UTC, michael.paoli at berkeley.edu wrote:

API & Web: feature request: DNSSEC: add capability to manage via
CDNSKEY/CDS records

(feel free to merge with other similar requests you may have)

In making Gandi.net yet more awesome, it'd be great to have option on
DNSSEC for domain,

to enable automatic management of DS records via CDNSKEY/CDS (per RFC
7344, RFC 8078, etc.)

I'd imagine implementing this as a binary toggle on existing web page
and likewise setting in the API (so customers can opt-in for that
automation, or opt-out to only update DS via specific API or web
action with Gandi.net).

Furthermore on both Web page and API, I'd image also page that shows /
function that gets the status, would also include some bit more
information about it, e.g. text or link to text about how Gandi.net
implements and/or other relevant information (e.g. approximately how
frequently Gandi.net checks for and then acts upon the relevant
CDNSKEY/CDS records).  Might even display/return some status about
when last checked (if checked before), and (at least approximately)
when next check would occur (see also “check now” below).

Would also be good to have a “check now” functionality with
CDNSKEY/CDS enabled, would tell Gandi to check “now” (or as soon as
feasible), rather than whatever it's default periodic checks may be
(which might be significantly longer in cycle).  For API that could be
as simple as setting CDNSKEY/CDS checking enabled (whether it was
already enabled or not, that wold act like a “check now”).  Web
interface could have a simple “check now” button that would be enabled
if CDNSKEY/CDS checking is enabled.  And, of course, “check now” would
be reasonably rate limited, and may not be “instantaneous” - and
relevant text (or link to such) can also reasonably explain that -
both on web page, and also in informational return on API (e.g. an
additional info or text field returned).

And of course, GANDI.net, once having implemented such features, then
also has that as an additional feature to help obtain/retain more
customers.  :-)

More information about the conspire mailing list