DNSSEC Status...
Stephane Bortzmeyer
bortzmeyer at nic.fr
Tue Jun 1 14:06:56 UTC 2010
On Tue, Jun 01, 2010 at 06:55:14AM -0700,
Heavy Man <heavyman66 at yahoo.com> wrote
a message of 61 lines which said:
> I understand the root zones are currently getting signed
There is only one root zone...
> Just for sanity sake, should I be able to DIG +dnssec
> a.gtld-servers.net and be able to see a RRSIG record
No, because a.gtld-servers.net is in an unsigned domain.
> (assume I have a valid dnssec recursive name server with a valid
> trust anchor configured).
That's not the point.
> I understand DNS is public information but why wouldn't the root be
> signed using nsec3 versus nsec?
Because the root is well-known and available in many ways (FTP, AXFR,
IANA Web site, etc).
More information about the bind-users
mailing list