[dns-wg] Re: Another DNSSEC action: add your DS to DLV (Was: NTIA NoI: does anyone care?
Stephane Bortzmeyer
bortzmeyer at nic.fr
Thu Oct 23 11:16:08 CEST 2008
On Tue, Oct 21, 2008 at 10:59:46AM -0400,
 Paul Wouters <paul at xelerance.com> wrote
 a message of 10 lines which said:

> Why should these be in the DLV ?

Because, otherwise, how could I validate domains under ".br" and
".cz"? By trying to find a public key on their (https) Web site and
adding it as a trust anchor? By exchanging PGP-signed email with
Federico or Ondrej? This does not scale.

> I'd rather see people configure their resolvers properly.

What is a proper configuration? My BIND has:

        dnssec-enable yes;
        dnssec-lookaside . trust-anchor dlv.isc.org.;
        dnssec-validation yes;

        include "/etc/bind/trust-anchors"; // A few DNSKEY for domains
                                           // I was able to check personally

Better suggestions are welcome.

> Will this cause people who use properly configured resolvers to send
> DLV requests for those TLD's?

If "properly configured" is the configuration above, yes :-)