Free secondary servers supporting DNSSEC?
Robert Moskowitz
rgm at htt-consult.com
Sun Feb 17 17:25:34 UTC 2013
On 02/17/2013 12:11 PM, Vernon Schryver wrote:
>> From: Robert Moskowitz <rgm at htt-consult.com>
>> The Red Hat docs on bind had a warning about not implementing features,
>> like DNSSEC, if your secondaries don't support it. That is all I am
>> going on. I think I also saw it in some isc.org doc.
> In your position, I'd publish the RRSIG and NSEC* records (i.e. sign
> the zone) and see what breaks. Maybe I'm ignorant and naive about
> DNSSEC (I'd like to hear about it), but I'd expect nothing bad to
> happen with the secondaries. And if they're running such incredibly
> ancient code that something breaks, then they probably have serious
> security issues unrelated to DNSSEC that should disqualify them as
> secondaries.
>
> You'll have to do something like that while you fight with Network
> Solutions to deal with your DS records or switch to another registrar.

Hmm. My renewal is right about now. Perhaps I SHOULD switch at this
time...

I got my domain from them back in '95 and ran it on some NT code for a
number of years.

> My recollections of past mailing list comments as well as
> https://www.google.com/search?q=network+solutions+dnssec
> https://www.networksolutions.com/search.jsp?searchTerm=dnssec
> https://www.icann.org/en/news/in-focus/dnssec/deployment
> suggest that effort will be interesting. Have you started it?
>
> At the end of a long saga to get DS RRs for the handful of my domains,
> Tucows/Opensrs said "Please try not ask us do that again soon."