DNSSEC external validation issues

Paul Wouters paul at xelerance.com
Sun Nov 13 02:49:57 UTC 2011


On Sat, 12 Nov 2011, Eduardo Bonsi wrote:

> I am trying to DNSSEC validate my external zone bonsi.org but I am hitting a 
> wall here. This is my first time trying to validate DNSSEC with some obvious 
> frustration. Maybe some one can point me what I am failing to do here.

As Evan said, your signed zone is not public yet.

> I entered the public key at the https://dlv.isc.org and I got the
>
> dlv.bonsi.org. 0 IN TXT "DLV:1:iedlibqenpcj"

The only reason to use DLV where the parent (in this case .org) is signed, is
if your registrar does not support receiving DNSSEC information and you cannot
move to another registrar.

In the end, you are better of using a registrar that supports DNSSEC, and then
you do not have to depend on DLV (which not everyone is using)

Paul



More information about the bind-users mailing list