.IN Domain is DNSSEC enabled or not

Laurent Bauer l.bauer at mailclub.fr
Fri Jan 6 17:14:04 UTC 2012


On 06/01/2012 09:03, Kevin Oberman wrote:
> What this shows is that IN itself is signed in the root This is the
> first step in a TLD accepting DS records from sub-domains, but does not
> mean that they are ready to do so. You would really need to contact
> whoever manages .in and ask them if they are accepting keys. Also, even
> if you find a DS record in .in, it may not indicate that they are ready
> to open the doors to general addition of DS records. They may be testing
> and developing tools to handle them and have just a few test cases. I
> know that when I got a DS record added for a zone I handled  that it was
> a mostly manual operation to test and confirm that things were working
> when the registry was not yet ready to accept DS keys in any standard way.

Hello,

Yes indeed, a testing phase has opened a couple of month ago, it looks
like the registry will soon be ready to accept DS :
  http://www.registry.in/DNSSEC_Deployment

You might want to ask your registrar(s) if they plan to implement DNSSEC
with the .in registry.

Regards,

	Laurent Bauer



More information about the bind-users mailing list