DNSSEC validation via DLV
Mark Elkins
mje at posix.co.za
Thu Jul 18 07:16:40 UTC 2019
I can't comment on com.au (but looking up the Nameservers, I see the AD
bit set - so DNSSEC appears to be in use..
However, co.za (and net.oza, org.za & web.za) which are managed by the
ZACR (and DNS) - they are all signed and I personally have domains under
these second levels - all running DNSSEC. The DS records are added to
the parents using EPP - and it works perfectly. I used to present free
(to the community) DNS classes to the community (the ZACR paid me) and
this (DNSSEC) was taught to attendees. Unfortunately, no more classes
for now.
DNSSEC in CO.ZA became live at about the time DLV stopped running. The
other SLD's had already been running for about a year.
For the record, EDU.ZA is also signed and can accept DS records - albeit
via a Web interface.
@peek - you are most welcome to chat to me.
On 2019/07/18 04:34, peek at vspace.co.za wrote:
> With DLV (DNSSEC Lookaside Validation) having been decommissioned,
> though zones still exists that does not provide a fully signed path
> from root to zone, i.e. .com.au , co.za etc, how would an
> administrator enable / implement DNSSEC validation for these zones ?
>
>
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark James ELKINS - Posix Systems - (South) Africa
mje at posix.co.za Tel: +27.128070590 Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20190718/eaf947ce/attachment.html>
More information about the bind-users
mailing list