[afnog] Signing root zone
Stephane Bortzmeyer
bortzmeyer at nic.fr
Thu Nov 6 13:33:31 UTC 2008
On Thu, Nov 06, 2008 at 09:40:41AM +0000,
alain aina <aalain at trstech.net> wrote
a message of 18 lines which said:
> Just wondering if people here are informed about what is going about
> DNSSEC deployment
BTW, trstech.net is *not* resolvable with a DNSSEC resolver using
DLV. There is a DLV record at dlv.isc.org but the zone is not signed
(the DNSSEC equivalent of a lame delegation).
As a result, my BIND resolver yielded SERVFAIL.
(Thanks to Gilles Massen of the ".lu" registry for the technical
analysis.)
This emphasizes several points:
* DNSSEC requires much more professionalism,
* DNSSEC allows you to shoot yourself in the foot quite easily.
More information about the afnog
mailing list