[dns-wg] automatic DS record updates in the RIPE database

At the end of his talk at the RIPE meeting this morning, Ondřej Caletka
mentioned his work on automated updates to DNSSEC delegations using CDS
records:

https://ripe77.ripe.net/programme/meeting-plan/dns-wg/

I commented at the mic to say that this is something I am very keen on. I
wrote `dnssec-cds` (an implementation of RFC7344 and section 4 of RFC8078)
to help improve DNSSEC automation, and it is included in BIND 9.12 and
later.

https://ftp.isc.org/isc/bind9/9.12.0/doc/arm/man.dnssec-cds.html

Ondřej's setup uses a special `mntner` with RIPE database API access to
indicate which zones should have their DS records updated automatically.
This is a nice way to control permissions when the update process is
running outside the RIPE database, but I expect it can be made neater if
it is integrated more closely.

I would like to help get RFC 7344 support into the RIPE database, so what
do we need to do next to make it happen?

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Hebrides, Bailey: Westerly backing southerly later, 5 to 7, occasionally
gale 8 at first in north Bailey. Rough or very rough, occasionally high at
first in north Bailey. Showers, rain later. Good, occasionally moderate.