[dns-operations] DNSSEC in the root, please help me understand

Paul Vixie vixie at isc.org
Sat Jan 16 05:20:35 UTC 2010

> Date: Fri, 15 Jan 2010 11:00:28 -0800
> From: Matthew Dempsky <matthew at dempsky.org>
> I'm not talking about a non-DNSSEC root name server.  Even after the root
> zone is signed, it still won't do any good for .com users (until .com is
> signed too).  The root zone servers aren't signing the .com NS records,
> and they aren't signing the gtld-servers glue records.

.com registrants and anyone else whose parent or some other ancestor is not
signed, see http://dlv.isc.org/.

More information about the dns-operations mailing list