[dns-operations] Question to DNSSEC and DLV policy
Ralf Weber
denic at eng.colt.net
Thu Mar 19 11:25:07 UTC 2009
Moin!
On 19.03.2009, at 11:42, Michael Monnerie wrote:
> So DLV, ITAR and NCC are all the same, just from different sources?
No, they all supply trust anchors in some way, but the content is
different. ITAR will only supply TLD trust anchors where the TLD
operator has asked IANA to include it. RIPE NCC will only supply
trust anchors for zones it is responsible for (Reverse delegation
in the RIPE region).
DLV will provide a trust anchor for every zone that someone wants
to put in there.
> As I understand it, DLV provides a "shortcut" to domains within TLDs
> which do not provide DNSSEC so far. I could use DNSSEC for my zmi.at
> despite .at not providing DNSSEC today by entering zmi.at into dlv. Is
> that correct?
That is correct, but to have validation the resolver also would also
have to be DLV enabled. I wouldn't use the shortcut and instead use
a TLD that had DNSSEC for some time (.se).
So long
-Ralf
---
Ralf Weber
Platform Infrastructure Manager
Colt Telecom GmbH
Herriotstrasse 4
60528 Frankfurt
Germany
DDI: +49 (0)69 56606 2780 Internal OneDial: 8 491 2780
Fax: +49 (0)69 56606 6280
Email: rw at colt.net
http://www.colt.net/
Data | Voice | Managed Services
Schütze Deine Umwelt | Erst denken, dann drucken
*****************************************
COLT Telecom GmbH, Herriotstraße 4, 60528 Frankfurt/Main, Deutschland
* Tel +49 (0)69 56606 0 * Fax +49 (0)69 56606 2222 *
Geschäftsführer: Dr. Jürgen Hernichel (Vors.), Rita Thies *
Amtsgericht Frankfurt/Main HRB 46123 * USt.-IdNr. DE 197 498 400
More information about the dns-operations
mailing list