[dns-operations] .com DNSSEC operational message

Matt Larson mlarson at verisign.com
Tue Mar 1 15:03:17 UTC 2011

On Fri, 28 Jan 2011, Matt Larson wrote:
> The .com DNSSEC deployment consists of the following major milestones:
> [...]
> February 28, 2011: A deliberately unvalidatable .com zone will be
> published.  Any DS records for .com that have been submitted by
> registrars will be published in the deliberately unvalidatable zone.

FYI, the deliberately unvalidable .com zone started its rollout
yesterday on schedule:

$ dig +short @m.gtld-servers.net dnskey com
257 3 8 AwEAAa9Lp++++++++++++++++THIS/IS/AN/INVALID/KEY/AND/SHOU LD/NOT/BE/USED/CONTACT/INFO/AT/VERISIGN+GRS/DOT/COM+++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ ++++++++++8=
256 3 8 AwEAAa2CM++++++++++++++++THIS/IS/AN/INVALID/KEY/AND/SHOU LD/NOT/BE/USED/CONTACT/INFO/AT/VERISIGN+GRS/DOT/COM+++++ ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++8

(Note that some .com/.net servers are anycast, so the version of
m.gtld-servers.net that you see might not have the signed and blinded
zone yet.)


More information about the dns-operations mailing list