Thanks for details. -dani
On Fri, May 21, 2010 at 9:04 AM, Chris Thompson <c...@cam.ac.uk> wrote: > On May 21 2010, itservices88 wrote: > > I heard that root zone will be signed (or is already signed), >> > > It's in DURZ mode. Read all about it at http://www.root-dnssec.org/ > > > so what >> changes would be required with respect to the current additions of adding >> dlv.isc.org as trust anchor and its associated trusted key ? Do we need >> to >> keep the isc dlv ? or add a new key for the root ? >> > > I don't know whether ISC are planning to add a DLV record for the > root to the isc.dlv.org zone. (When I asked on another list whether > that would work, Mark Andrews told me "of course it would".) If > not, then it will certainly be desirable to add a trust anchor > for the root zone, as (for example) the IANA ITAR will stop being > imported into dlv.isc.org at some point, as it will cease to exist. > > But large parts of the DNS tree will remain disconnected from the > root vis-a-vis DNSSEC, for quite a while, so you should plan to keep > using dlv.isc.org as well. (I am assuming you are not opposed to DLV > in principle if you are already using it...] I would plan to review > the situation in mid-2011 after "com" has been signed for a decent > length of time. > > -- > Chris Thompson > Email: c...@cam.ac.uk >
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
