[dns-operations] geant.org dnssec
dns at antoin.nl
Tue Feb 7 12:53:49 UTC 2017
Op 6 feb. 2017, om 17:08 heeft Dick Visser <dnmvisser at gmail.com> het volgende geschreven:
> To avoid any DNSSEC issues, we want to go unsigned before we change anything.
> And to my knowledge this is achieved by stop publishing a DS record in
> the parent zone.
You could better follow this approach, which will prevent DNSSEC breakage and going insecure altogether:
I believe the soon to be published EPP extension is even supported by TransIP, so they know how to import your new key:
It’s been successfully used in production with a number of .nl domains that do NSEC3 as well.
I’d say thats a safer alternative than going insecure.
Tweevoren 6, 5672 SB Nuenen, NL
M: +31 6 37682392
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
More information about the dns-operations