[afnog] Signing root zone

Stephane Bortzmeyer bortzmeyer at nic.fr
Thu Nov 6 13:33:31 UTC 2008

On Thu, Nov 06, 2008 at 09:40:41AM +0000,
 alain aina <aalain at trstech.net> wrote 
 a message of 18 lines which said:

> Just wondering if  people here are informed about what is going about   
> DNSSEC deployment 

BTW, trstech.net is *not* resolvable with a DNSSEC resolver using
DLV. There is a DLV record at dlv.isc.org but the zone is not signed
(the DNSSEC equivalent of a lame delegation).

As a result, my BIND resolver yielded SERVFAIL.

(Thanks to Gilles Massen of the ".lu" registry for the technical

This emphasizes several points:

* DNSSEC requires much more professionalism,

* DNSSEC allows you to shoot yourself in the foot quite easily.

More information about the afnog mailing list