[dns-operations] Question about DNSSEC and .gov domains

Bill Owens owens at nysernet.org
Thu Feb 2 16:33:21 UTC 2012


On Thu, Feb 02, 2012 at 10:27:00AM -0600, Stephen Johnson wrote:
> The question isn't the first one that came to your mind. Our Chief
> Security Officer has been getting told that: 
> 
> "Federal officials have indicated that any .gov domains (like states)
> exchanging data with the feds will need to be DNSSEC compliant."

I don't know about that, but it seems likely that anyone (regardless of their TLD) exchanging data with the feds will need to be able to disable DNSSEC validation on demand in order to continue communicating with .gov domains that have borked their signing ;)

Bill.



More information about the dns-operations mailing list