[as112-ops] DNSSEC?

Rick Wesson rick at support-intelligence.com
Tue Jan 12 18:48:58 UTC 2010


though the process might seem hard, I bet we would learn alot and if those
lessons could get communicated back to the community I'd call it a valuable
exercise.

-rick


Shane Kerr wrote:
> Marco,
> 
> On Fri, 2010-01-08 at 08:37 +0100, Marco Davids wrote:
>> Hi there,
>>
>> Happy New Year everyone.
>>
>> I was wondering: are there any plans to deploy DNSSEC on the AS112
>> served zones in the future, including 'hostname.as112.net' itself?
> 
> Not AFAIK.
> 
>> (would it have added value to do so?)
> 
> It might break something somewhere, causing a DNS administrator to
> review their setup and properly configure their reverse DNS. That seems
> like added value! :)
> 
> Seriously though, I don't see much added value, and a number of
> problems. For example, unless all servers support DNSSEC, then some
> clients will get a signed result and some will not. Also, someone would
> need to take responsibility for signing the zone (IANA?), and we would
> need to define a way to distribute it.
> 
> --
> Shane
> 
> _______________________________________________
> as112-ops mailing list
> as112-ops at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/as112-ops



More information about the as112-ops mailing list