[dns-operations] DNSSEC in the root, please help me understand
Paul Vixie
vixie at isc.org
Sat Jan 16 05:20:35 UTC 2010
> Date: Fri, 15 Jan 2010 11:00:28 -0800
> From: Matthew Dempsky <matthew at dempsky.org>
>
> I'm not talking about a non-DNSSEC root name server. Even after the root
> zone is signed, it still won't do any good for .com users (until .com is
> signed too). The root zone servers aren't signing the .com NS records,
> and they aren't signing the gtld-servers glue records.
.com registrants and anyone else whose parent or some other ancestor is not
signed, see http://dlv.isc.org/.
More information about the dns-operations
mailing list