[dns-operations] Question to DNSSEC and DLV policy

Michael Monnerie michael.monnerie at is.it-management.at
Thu Mar 19 16:51:48 UTC 2009


Thanks to all who replied, I will not answer each mail but in sum I 
guess it's (a bit more) clear to me now. :-)

I got a private mail that next week there's a tech talk about DNSSEC 
here in Vienna, and I will attend in order to learn a bit more.

On Donnerstag 19 März 2009 Ralf Weber wrote:
> > As I understand it, DLV provides a "shortcut" to domains within
> > TLDs which do not provide DNSSEC so far. I could use DNSSEC for my
> > zmi.at despite .at not providing DNSSEC today by entering zmi.at
> > into dlv. Is that correct?
>
> That is correct, but to have validation the resolver also would also
> have to be DLV enabled. I wouldn't use the shortcut and instead use
> a TLD that had DNSSEC for some time (.se).

The resolver just needs to have the key of dlv trusted, if I'm right. 
And I guess the same goes for ITAR, while NCC would work "out of the 
box", right?

From the 2nd sentence: You mean I should register a .se zone just to 
have DNSSEC? I want DNSSEC for zmi.at and others, so .se can't help me. 
Or did I understand you wrong?

mfg zmi
-- 
// Michael Monnerie, Ing.BSc    -----      http://it-management.at
// Tel: 0660 / 415 65 31                      .network.your.ideas.
// PGP Key:         "curl -s http://zmi.at/zmi.asc | gpg --import"
// Fingerprint: AC19 F9D5 36ED CD8A EF38  500E CE14 91F7 1C12 09B4
// Keyserver: wwwkeys.eu.pgp.net                  Key-ID: 1C1209B4




More information about the dns-operations mailing list