[dns-operations] Question to DNSSEC and DLV policy
Michael Monnerie
michael.monnerie at is.it-management.at
Thu Mar 19 10:42:11 UTC 2009
On Donnerstag 19 März 2009 Ralf Weber wrote:
> DNSSEC and DLV are different things. We e.g plan to deploy DNSSEC
> without
> DLV at all. The plan that we have for deployment probably makes sense
> for
> other ISPs also, so I sketch it out quickly:
> - Offer customer an DNSSEC aware alternative resolver. We will use
> IANA ITAR ( https://itar.iana.org/ ) and RIPE NCC (
> https://www.ripe.net/projects/disi//keys/index.html ) as trust
> anchors, but you could also use DLV here.
So DLV, ITAR and NCC are all the same, just from different sources?
As I understand it, DLV provides a "shortcut" to domains within TLDs
which do not provide DNSSEC so far. I could use DNSSEC for my zmi.at
despite .at not providing DNSSEC today by entering zmi.at into dlv. Is
that correct?
mfg zmi
--
// Michael Monnerie, Ing.BSc ----- http://it-management.at
// Tel: 0660 / 415 65 31 .network.your.ideas.
// PGP Key: "curl -s http://zmi.at/zmi.asc | gpg --import"
// Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4
// Keyserver: wwwkeys.eu.pgp.net Key-ID: 1C1209B4
More information about the dns-operations
mailing list