DNSSEC submit of DLV vs DNSKEY records?
Stephane Bortzmeyer
bortzmeyer at nic.fr
Mon May 9 06:58:52 UTC 2011
On Fri, May 06, 2011 at 12:45:17PM +1000,
Mark Andrews <marka at isc.org> wrote
a message of 52 lines which said:
> Once the parent zone is signed and is accepting DS/DNSKEY records
"is accepting" is not sufficient. Many TLD are managed in a strict
registry/registrar fashion which means that it is not enough for the
registry to accept DS records, the registrar have to do it, too.
Two real-world examples:
* .FR accepts DS records but, today, all the records come from one
registrar. The others are not ready yet.
* I cannot sign my domains (such as bortzmeyer.org), although there are
in signed TLDs, since my registrar is still not DNSSEC-ready (and it
would be ridiculous to switch to another registrar just for DNSSEC:
this technique is not important enough to make me forget the other
criteria for choosing a registrar).
So, DLV at ISC is still very useful and will be for a long time.
More information about the bind-users
mailing list