[dns-operations] Question to DNSSEC and DLV policy
Michael Monnerie
michael.monnerie at is.it-management.at
Thu Mar 19 16:51:48 UTC 2009
Thanks to all who replied, I will not answer each mail but in sum I
guess it's (a bit more) clear to me now. :-)
I got a private mail that next week there's a tech talk about DNSSEC
here in Vienna, and I will attend in order to learn a bit more.
On Donnerstag 19 März 2009 Ralf Weber wrote:
> > As I understand it, DLV provides a "shortcut" to domains within
> > TLDs which do not provide DNSSEC so far. I could use DNSSEC for my
> > zmi.at despite .at not providing DNSSEC today by entering zmi.at
> > into dlv. Is that correct?
>
> That is correct, but to have validation the resolver also would also
> have to be DLV enabled. I wouldn't use the shortcut and instead use
> a TLD that had DNSSEC for some time (.se).
The resolver just needs to have the key of dlv trusted, if I'm right.
And I guess the same goes for ITAR, while NCC would work "out of the
box", right?
From the 2nd sentence: You mean I should register a .se zone just to
have DNSSEC? I want DNSSEC for zmi.at and others, so .se can't help me.
Or did I understand you wrong?
mfg zmi
--
// Michael Monnerie, Ing.BSc ----- http://it-management.at
// Tel: 0660 / 415 65 31 .network.your.ideas.
// PGP Key: "curl -s http://zmi.at/zmi.asc | gpg --import"
// Fingerprint: AC19 F9D5 36ED CD8A EF38 500E CE14 91F7 1C12 09B4
// Keyserver: wwwkeys.eu.pgp.net Key-ID: 1C1209B4
More information about the dns-operations
mailing list