Toggling DNSSEC on a domain

[WhyNotHugo]

I'm moving a few manually-managed domains into terraform, and I'd like to enable dnssec and do the key configuration via tf as well.

Can we have support for this? Or is the API missing support for this too (I can't find it via the API either).

[nlewo]

Did you try this resource: https://registry.terraform.io/providers/go-gandi/gandi/latest/docs/resources/dnssec_key ?

(I never tried it so i don't know if if it works as expected 😕)

[WhyNotHugo]

On Tue, 7 Mar 2023, at 12:09, lewo wrote: Did you try this resource: https://registry.terraform.io/providers/go-gandi/gandi/latest/docs/resources/dnssec_key ? (I never tried it so i don't know if if it works as expected 😕) — Reply to this email directly, view it on GitHub <#141 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAFSNO5LOV3TW6EI6P57EFTW24JQPANCNFSM6AAAAAAVPWEHNA>. You are receiving this because you authored the thread.Message ID: ***@***.***>

I saw this resource, but this seems to be for registering a DNSSEC key for a domain.. This is useful for people who are using external DNS servers and want to configure the the DNSSEC key in the upstream name servers. I’m using Gandhi’s nameservers, and what I'm asking for is a way to enable DNSSEC on those domains. -- Hugo

[WhyNotHugo]

On Tue, 7 Mar 2023, at 11:09, lewo wrote: Closed #141 <#141> as completed. — Reply to this email directly, view it on GitHub <#141 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAFSNO5BFFGUPGEW5EWOLVDW24JQNANCNFSM6AAAAAAVPWEHNA>. You are receiving this because you authored the thread.Message ID: ***@***.***>

Sorry, that's the reason for closing this issue? Is this an unacceptable request? I don't think pointing to the docs of something _vagely_ related and saying "I don't know if it works" is useful in the slightest.

…

-- Hugo

[nlewo]

@WhyNotHugo I closed it because i thought the resource was already existing, but this is apparently not the case.
Regarding the "I don't know if it works", i think we could open a more dedicated issue in case of bug.
Also, this provider is a community provider and we have to know some parts of it are really fragile.

Maybe i should have added "a feel free to reopen". Sorry for this, i reopen the issue.

[WhyNotHugo]

I tried looking a bit deeper into this, but I'm not sure if the actual APIs exist in order to build this feature. I don't think DNSSEC can currently be enabled via the API, right? I might have missed it.

[nlewo]

@WhyNotHugo I discussed with the Gandi domain team and currently, we don't expose a public route to do that. I asked them if it would be possible to add such kind of route (seems to be possible but no ETA yet).

Without the dedicated public route, it would also be possible to do it with several calls (create and get a liveDNS DNSSEC key and attach it to the domain): that would however be more work to implement it in the provider.