feat: Add CERT record-type (rfc4398) support #1882

Open
readefries wants to merge 1 commit into TechnitiumSoftware:master from readefries:feat/add-cert-record-support-rfc4398
@readefries

I wanted to try out DnsServer, but noticed it lacked support for the CERT type, which I use in my DNS setup.

Depends on TechnitiumSoftware/TechnitiumLibrary#58

Signed-off-by: Hendrik Bruinsma <hbruinsma@xs4some.nl>

@ShreyasZare
Member

Thanks for this PR. How are you generating the CERT record to add? The CERT record supports many certificate types so it's not feasible to add support for all of the types and compute key tag for them. Thus have this question as to how you are generating these records currently? This PR addresses just the API so are you planning to use just the API?

@readefries

Author

It depends on where you want to use the CERT record. In my case, I created (I)PGP records, which I want to add via the UI. The contents of these records are generated by an optional tool in the GNU PG package.

If you want to learn more about PGP CERT records, there's a nice blog post that describes three options for adding a PGP certificate to DNS.

@ShreyasZare

Member

> It depends on where you want to use the CERT record. In my case, I created (I)PGP records, which I want to add via the UI. The contents of these records are generated by an optional tool in the GNU PG package.
>
> If you want to learn more about PGP CERT records, there's a nice blog post that describes three options for adding a PGP certificate to DNS.

Thanks for the details. The blog link you shared is generating the CERT record as a generic zone file record entry which you can already use with the Import Zone option.

In that case, there is really no need to implement support for the CERT record. Since in any case, the GUI implementation for the CERT record will be asking you to enter cert data in binary format (either hex or base64), it is not really helping the user to create a record in the same way as it does for records like TLSA.
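
For readers following the thread, an added example (not part of the conversation, and not code from the PR or from Technitium) of what a CERT record looks like as a generic zone file entry: it packs the RFC 4398 RDATA for an IPGP record, writes it in RFC 3597 unknown-type syntax, and parses it back so the entry can be checked before import. The owner name, TTL, fingerprint bytes and URL are constructed sample values, and the function names are hypothetical.

```python
import struct

CERT_RRTYPE = 37  # CERT RR type code (RFC 4398)
CERT_TYPES = {"PKIX": 1, "SPKI": 2, "PGP": 3, "IPKIX": 4, "ISPKI": 5, "IPGP": 6}


def ipgp_payload(fingerprint: bytes, uri: str = "") -> bytes:
    """IPGP certificate field: 1-byte fingerprint length, fingerprint, optional URI."""
    if len(fingerprint) > 255:
        raise ValueError("fingerprint length must fit in one octet")
    return bytes([len(fingerprint)]) + fingerprint + uri.encode("ascii")


def cert_rdata(cert_type: str, key_tag: int, algorithm: int, data: bytes) -> bytes:
    """CERT RDATA wire format: type (16 bits), key tag (16), algorithm (8), data."""
    return struct.pack("!HHB", CERT_TYPES[cert_type], key_tag, algorithm) + data


def generic_rr(owner: str, ttl: int, rdata: bytes) -> str:
    """RFC 3597 presentation: TYPE<n> \\# <length> <hex>."""
    return f"{owner} {ttl} IN TYPE{CERT_RRTYPE} \\# {len(rdata)} {rdata.hex()}"


def parse_generic_rr(line: str) -> dict:
    """Decode a generic CERT entry; reject a wrong length or truncated header."""
    fields = line.split()
    marker = fields.index("\\#")
    rdata = bytes.fromhex("".join(fields[marker + 2:]))
    if len(rdata) != int(fields[marker + 1]) or len(rdata) < 5:
        raise ValueError("RDATA length mismatch or too short for CERT")
    ctype, key_tag, alg = struct.unpack("!HHB", rdata[:5])
    return {"type": ctype, "key_tag": key_tag, "algorithm": alg, "data": rdata[5:]}


if __name__ == "__main__":
    fpr = bytes(range(20))  # constructed 20-byte fingerprint, not a real key
    payload = ipgp_payload(fpr, "https://example.org/key.asc")
    # Key tag and algorithm are left at 0 in this sample.
    line = generic_rr("key.example.org.", 3600, cert_rdata("IPGP", 0, 0, payload))
    print(line)
    print(parse_generic_rr(line))
```
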
