How to Setup DNSSEC

Mark Andrews marka at isc.org
Wed Oct 17 03:17:08 UTC 2012


In message <507E212E.5090904 at riseup.net>, pangj writes:
> ÓÚ 2012-10-17 10:54, Mark Andrews дµÀ:
> > There is no DS for udp53.org so there is no secure trust chain.
> 
> does this mean .org has not been signed?

No.  It means that there is no DS for udp53.org.

For udp53.org to validate as secure there needs to the following
set to records.

	. DNSKEY
	ORG DS
	ORG DNSKEY
	UDP53.ORG DS	 # Missing
	UDP53.ORG DNSKEY

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the bind-users mailing list