<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>I can't comment on com.au (but looking up the Nameservers, I see
the AD bit set - so DNSSEC appears to be in use..</p>
<p>However, co.za (and net.oza, org.za & web.za) which are
managed by the ZACR (and DNS) - they are all signed and I
personally have domains under these second levels - all running
DNSSEC. The DS records are added to the parents using EPP - and it
works perfectly. I used to present free (to the community) DNS
classes to the community (the ZACR paid me) and this (DNSSEC) was
taught to attendees. Unfortunately, no more classes for now.</p>
<p>DNSSEC in CO.ZA became live at about the time DLV stopped
running. The other SLD's had already been running for about a
year.</p>
<p>For the record, EDU.ZA is also signed and can accept DS records -
albeit via a Web interface.</p>
<p>@peek - you are most welcome to chat to me.<br>
</p>
<p><br>
</p>
<p>On 2019/07/18 04:34, <a class="moz-txt-link-abbreviated" href="mailto:peek@vspace.co.za">peek@vspace.co.za</a> wrote:<br>
</p>
<blockquote type="cite"
cite="mid:018801d53d11$622be580$2683b080$@vspace.co.za">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">With DLV (DNSSEC Lookaside Validation)
having been decommissioned, though zones still exists that
does not provide a fully signed path from root to zone, i.e.
.com.au , co.za etc, how would an administrator enable /
implement DNSSEC validation for these zones ?<o:p></o:p></p>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Please visit <a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list
bind-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>
<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Mark James ELKINS - Posix Systems - (South) Africa
<a class="moz-txt-link-abbreviated" href="mailto:mje@posix.co.za">mje@posix.co.za</a> Tel: +27.128070590 Cell: +27.826010496
For fast, reliable, low cost Internet in ZA: <a class="moz-txt-link-freetext" href="https://ftth.posix.co.za">https://ftth.posix.co.za</a>
</pre>
</body>
</html>