[dns-operations] Online DNSSEC debugging tool now availalbe

Joe Abley jabley at hopcount.ca
Mon Jul 19 19:31:32 UTC 2010

On 2010-07-19, at 13:35, bmanning at vacation.karoshi.com wrote:

>> Because .org rolled their key, changed the DS in ., and didn't publish
>> a new TA?
> 	sounds irresponsible to me.

I don't understand this. We've heard from numerous TLDs for whom a DS record in the root zone *is* the method they choose to publish a trust anchor. Some of them have been waiting for the root before signing their zones precisely because they didn't want to publish their trust anchor in any other way. Others published their trust anchors in other ways as an interim measure.

Are you saying you think there are TLDs who have made the conscious decision to support multiple methods of trust anchor publication, root zone and elsewhere? Who are they?


More information about the dns-operations mailing list