[dns-operations] Question to DNSSEC and DLV policy

Michael Monnerie michael.monnerie at is.it-management.at
Thu Mar 19 10:42:11 UTC 2009

On Donnerstag 19 März 2009 Ralf Weber wrote:
> DNSSEC and DLV are different things. We e.g plan to deploy DNSSEC  
> without
> DLV at all. The plan that we have for deployment probably makes sense
>   for
> other ISPs also, so I sketch it out quickly:
> - Offer customer an DNSSEC aware alternative resolver. We will use
> IANA ITAR ( https://itar.iana.org/ ) and RIPE NCC (
> https://www.ripe.net/projects/disi//keys/index.html ) as trust
> anchors, but you could also use DLV here.

So DLV, ITAR and NCC are all the same, just from different sources?

As I understand it, DLV provides a "shortcut" to domains within TLDs 
which do not provide DNSSEC so far. I could use DNSSEC for my zmi.at 
despite .at not providing DNSSEC today by entering zmi.at into dlv. Is 
that correct?

mfg zmi
// Michael Monnerie, Ing.BSc    -----      http://it-management.at
// Tel: 0660 / 415 65 31                      .network.your.ideas.
// PGP Key:         "curl -s http://zmi.at/zmi.asc | gpg --import"
// Fingerprint: AC19 F9D5 36ED CD8A EF38  500E CE14 91F7 1C12 09B4
// Keyserver: wwwkeys.eu.pgp.net                  Key-ID: 1C1209B4

More information about the dns-operations mailing list