Validating a DNSSEC installation
Hauke Lampe
list+bindusers at hauke-lampe.de
Fri Jun 12 02:58:51 UTC 2009
On Fri, Jun 12, 2009 at 04:29:11 +0200, Hauke Lampe wrote:
> Future reference: Once .org completes their testing phase *and* your
> registrar allows you to register DS records for your domain, queries
> should also return AD when validated against the ITAR trust anchor
> repository (at https://itar.iana.org/):
>
> dig +adflag lotspeich.org @149.20.64.22
I got that one wrong. My apologies. That resolver uses IANA's version of a
signed root (https://ns.iana.org/), not ITAR.
Personally, I don't expect to add DS records for my .org domains within the
next two or three years, anyway. By the time the domain registration
services I use add working DS support, the root zone could possibly already
be signed.
Hauke.
More information about the bind-users
mailing list