[dns-operations] Question to DNSSEC and DLV policy

Ralf Weber denic at eng.colt.net
Thu Mar 19 11:25:07 UTC 2009


On 19.03.2009, at 11:42, Michael Monnerie wrote:
> So DLV, ITAR and NCC are all the same, just from different sources?
No, they all supply trust anchors in some way, but the content is
different. ITAR will only supply TLD trust anchors where the TLD
operator has asked IANA to include it. RIPE NCC will only supply
trust anchors for zones it is responsible for (Reverse delegation
in the RIPE region).

DLV will provide a trust anchor for every zone that someone wants
to put in there.

> As I understand it, DLV provides a "shortcut" to domains within TLDs
> which do not provide DNSSEC so far. I could use DNSSEC for my zmi.at
> despite .at not providing DNSSEC today by entering zmi.at into dlv. Is
> that correct?
That is correct, but to have validation the resolver also would also
have to be DLV enabled. I wouldn't use the shortcut and instead use
a TLD that had DNSSEC for some time (.se).

So long
Ralf Weber
Platform Infrastructure Manager
Colt Telecom GmbH
Herriotstrasse 4
60528 Frankfurt
DDI: +49 (0)69 56606 2780 Internal OneDial: 8 491 2780
Fax: +49 (0)69 56606 6280
Email: rw at colt.net
Data | Voice | Managed Services

Schütze Deine Umwelt | Erst denken, dann drucken

COLT Telecom GmbH, Herriotstraße 4, 60528 Frankfurt/Main, Deutschland  
* Tel +49 (0)69 56606 0 * Fax +49 (0)69 56606 2222 *

Geschäftsführer: Dr. Jürgen Hernichel (Vors.), Rita Thies *  
Amtsgericht Frankfurt/Main HRB 46123 * USt.-IdNr. DE 197 498 400

More information about the dns-operations mailing list