.IN Domain is DNSSEC enabled or not
Kevin Oberman
kob6558 at gmail.com
Fri Jan 6 08:03:27 UTC 2012
On Thu, Jan 5, 2012 at 10:08 PM, Gaurav Kansal <gaurav.kansal at nic.in> wrote:
> Dear All,
>
> I am new to DNSSEC.
> I purchase a new domain especially for testing dnssec.
> When i ask my domain seller to put my DS key in .IN Domain, they say that
> .IN Domain is still not ready for this But as per my knowledge .IN is
> DNSSEC ready.
> I do the *"dig @8.8.8.8 in. NS +dnssec"* query, and it is showing the
> RRSIG record in the query answer.
> It this is sufficient to prove that .IN Domain is DNSSEC enabled or i have
> to check something else.????
>
>
What this shows is that IN itself is signed in the root This is the first
step in a TLD accepting DS records from sub-domains, but does not mean that
they are ready to do so. You would really need to contact whoever manages
.in and ask them if they are accepting keys. Also, even if you find a DS
record in .in, it may not indicate that they are ready to open the doors to
general addition of DS records. They may be testing and developing tools to
handle them and have just a few test cases. I know that when I got a DS
record added for a zone I handled that it was a mostly manual operation to
test and confirm that things were working when the registry was not yet
ready to accept DS keys in any standard way.
--
R. Kevin Oberman, Network Engineer
E-mail: kob6558 at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20120106/561f96ce/attachment.html>
More information about the bind-users
mailing list