Hi, We wrote this: https://salsa.debian.org/openstack-team/services/designate-tlds The interesting code bits are in: https://salsa.debian.org/openstack-team/services/designate-tlds/-/blob/debian/zed/designate_tlds/tlds.py What it does is download the TLD list from https://publicsuffix.org/list/public_suffix_list.dat using requests (with an optional proxy), compare it to the list of TLDs in Designate, and fix the difference. It's by default setup in a cron every week. Basically, it's just apt-get install designate-tlds, configure keystone_authtoken in /etc/designate-tlds/designate-tlds.conf and set dry_run=false, and you're done! Note I also wrote a patch for puppet-designate [1] to support it. Moving forward I see 2 solutions: 1- we continue to maintain this separately from Designate 2- our code gets integrated into Designate itself. Designate team: are you interested for option 2? Cheers, Thomas Goirand (zigo) [1] https://salsa.debian.org/openstack-team/puppet/puppet-module-designate/-/blob/debian/zed/debian/patches/add_designate_tlds_config.patch