CDS use case example

gistfile1.txt

https://tools.ietf.org/html/draft-ietf-regext-dnsoperator-to-rrr-protocol-04

1/ Check if service is available for your TLD:

In [15]: sess.get('https://rdap.gandi.net/domain/rdap.lol').json()['links']
Out[15]: [... {'href': 'https://cdscheck.gandi.net/v1/domains/rdap.lol/cds',
  'rel': 'https://rdap.io/tpda/cdscheck'}]

2/ Enable DNSSEC for domain:
In [12]: sess.post('https://dns.api.gandi.net/api/v5/domains/rdap.lol/keys', json={'flags': 257})
Out[12]: <Response [201]>

3/ DS check
In [17]: cds.post('https://cdscheck.gandi.net/v1/domains/rdap.lol/cds').text
Out[17]: '{"challenge": "ebf031773c7a03e69434c85b99af2218eab9b4e2f0dd02174cd7459ee02baa64"}'

4/ Add challenge [.. 03 -> the TXT name is changing to _delegate.<domain> ]
In [22]: sess.put('https://dns.api.gandi.net/api/v5/domains/rdap.lol/records/@/TXT',
     ..:   json={'rrset_values':['ebf031773c7a03e69434c85b99af2218eab9b4e2f0dd02174cd7459ee02baa64']}).text
Out[22]: '{"message": "DNS Record Created"}'

5/ Submit DS check again
In [23]: cds.post('https://cdscheck.gandi.net/v1/domains/rdap.lol/cds').text
Out[23]: '{"status": "success", "rel": 99439172}'

6/ Profit
; <<>> DiG 9.11.0-P2 <<>> +dnssec rdap.lol TXT
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22587
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;rdap.lol.			IN	TXT

;; ANSWER SECTION:
rdap.lol.		10800	IN	TXT	"ebf031773c7a03e69434c85b99af2218eab9b4e2f0dd02174cd7459ee02baa64"
rdap.lol.		10800	IN	RRSIG	TXT 13 2 10800 20171005000000 20170914000000 6825 rdap.lol. T7mej1s/+BbWoK/w3YD/IIvsinCPqGtCB6fYkS6GSNIou5UEppm1X+rF R8qj6ix2a7uNynushcxRv+qxf1aRVQ==

;; Query time: 432 msec