Necessity of DNSSEC Lookaside Validation(DLV)
Mark Andrews
Mark_Andrews at isc.org
Thu Apr 9 22:47:25 UTC 2009
In message <OF758F8C39.111B02F0-ON65257593.0058CA75-65257593.00591800 at itc.co.in
>, Chandan Laskar writes:
>
> Thanks Mark.
>
> Can somebody provide me list of parent zone which has already signed? or
> any website to get this information?
You really only need to care if your parent zones are signed or
not.
The following tld's are currently signed, bg, br, cz, gov,
museum, pr, se and th.
Other tlds are currently planning to be signed.
> Also not understood about SEP. Can you please tell me what is the full
> form of that?
SEP is a secure entry point. It is the DNSKEY which is
identified by the DS / DLV record in the parent / DLV zone.
The DS/DNSKEY (or DLV/DNSKEY) pairs provide the cryptographic
linkage between the zones that enable a trust path to be
made. Inside the zone it is the DNSKEY/RRSIG pairs which do
a similar job.
Mark
> Thanks and regards,
> Chandan Laskar
> 2nd Floor Data Center, ITC Center,
> 4, Russel Street, Kolkata - 700 016
> Phone:(033)-22889900 Extn.: 3944
> (0)-9830057396 (M)
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list