[dns-operations] DNSSEC, IPv6 glue, multiple DNS servers, and eating your own dog food

Vernon Schryver vjs at rhyolite.com
Mon Jul 23 12:14:58 UTC 2012

> From: Jan-Piet Mens <jpmens.dns at gmail.com>

> I'm sure Vernon meant:
> | A registrar that does not have DS records for its main domain names
> | *in the parent zone* might lack experience dealing with DNSSEC
> | registrations.

Yes, and contrary to how it looks, `dig example.com ds` displays
the DS rrset from the parent com zone if the resolver consulted by
`dig` does the least DNSSEC things and there's nothing broken.
You might use `dig +ad example.com` and look for the AD flag in the
result, but that's more typing and harder looking, if more accurate.

Vernon Schryver    vjs at rhyolite.com

More information about the dns-operations mailing list