[dns-operations] DNSSEC, IPv6 glue, multiple DNS servers, and eating your own dog food
Vernon Schryver
vjs at rhyolite.com
Mon Jul 23 12:14:58 UTC 2012
> From: Jan-Piet Mens <jpmens.dns at gmail.com>
> I'm sure Vernon meant:
>
> | A registrar that does not have DS records for its main domain names
> | *in the parent zone* might lack experience dealing with DNSSEC
> | registrations.
Yes, and contrary to how it looks, `dig example.com ds` displays
the DS rrset from the parent com zone if the resolver consulted by
`dig` does the least DNSSEC things and there's nothing broken.
You might use `dig +ad example.com` and look for the AD flag in the
result, but that's more typing and harder looking, if more accurate.
Vernon Schryver vjs at rhyolite.com
More information about the dns-operations
mailing list