[dns-operations] DNSSEC in the root, please help me understand

Stephane Bortzmeyer bortzmeyer at nic.fr
Fri Jan 15 20:20:51 UTC 2010

On Fri, Jan 15, 2010 at 11:00:28AM -0800,
 Matthew Dempsky <matthew at dempsky.org> wrote 
 a message of 10 lines which said:

> Even after the root zone is signed, it still won't do any good for
> .com users (until .com is signed too).

Yes, DNSSEC is "opt-in". Like PGP. If you don't sign your messages,
PGP won't help you :-)

Verisign announced the signing of .COM for 2011. If you're too
impatient to wait, use another TLD or simply register your .COM domain
in ISC DLV registry.

More information about the dns-operations mailing list