dnssec dlv

itservices88 itservices88 at gmail.com
Fri May 21 16:12:04 UTC 2010

Thanks for details.


On Fri, May 21, 2010 at 9:04 AM, Chris Thompson <cet1 at cam.ac.uk> wrote:

> On May 21 2010, itservices88 wrote:
> I heard that root zone will be signed (or is already signed),
> It's in DURZ mode. Read all about it at http://www.root-dnssec.org/
>                                                             so what
>> changes would be required with respect to the current additions of adding
>> dlv.isc.org as trust anchor and its associated trusted key ? Do we need
>> to
>> keep the isc dlv ? or add a new key for the root ?
> I don't know whether ISC are planning to add a DLV record for the
> root to the isc.dlv.org zone. (When I asked on another list whether
> that would work, Mark Andrews told me "of course it would".) If
> not, then it will certainly be desirable to add a trust anchor
> for the root zone, as (for example) the IANA ITAR will  stop being
> imported into dlv.isc.org at some point, as it will cease to exist.
> But large parts of the DNS tree will remain disconnected from the
> root vis-a-vis DNSSEC, for quite a while, so you should plan to keep
> using dlv.isc.org as well. (I am assuming you are not opposed to DLV
> in principle if you are already using it...] I would plan to review
> the situation in mid-2011 after "com" has been signed for a decent
> length of time.
> --
> Chris Thompson
> Email: cet1 at cam.ac.uk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20100521/462c1f9d/attachment.html>

More information about the bind-users mailing list