dnssec dlv
itservices88
itservices88 at gmail.com
Fri May 21 16:12:04 UTC 2010
Thanks for details.
-dani
On Fri, May 21, 2010 at 9:04 AM, Chris Thompson <cet1 at cam.ac.uk> wrote:
> On May 21 2010, itservices88 wrote:
>
> I heard that root zone will be signed (or is already signed),
>>
>
> It's in DURZ mode. Read all about it at http://www.root-dnssec.org/
>
>
> so what
>> changes would be required with respect to the current additions of adding
>> dlv.isc.org as trust anchor and its associated trusted key ? Do we need
>> to
>> keep the isc dlv ? or add a new key for the root ?
>>
>
> I don't know whether ISC are planning to add a DLV record for the
> root to the isc.dlv.org zone. (When I asked on another list whether
> that would work, Mark Andrews told me "of course it would".) If
> not, then it will certainly be desirable to add a trust anchor
> for the root zone, as (for example) the IANA ITAR will stop being
> imported into dlv.isc.org at some point, as it will cease to exist.
>
> But large parts of the DNS tree will remain disconnected from the
> root vis-a-vis DNSSEC, for quite a while, so you should plan to keep
> using dlv.isc.org as well. (I am assuming you are not opposed to DLV
> in principle if you are already using it...] I would plan to review
> the situation in mid-2011 after "com" has been signed for a decent
> length of time.
>
> --
> Chris Thompson
> Email: cet1 at cam.ac.uk
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100521/462c1f9d/attachment.html>
More information about the bind-users
mailing list