Not a difficult process really.. -Configure a DNSSEC enabled name server -Create a some zone keys (dnssec-keygen) -Sign your zone (dnssec-signzone) -Update your nameserver configuration to point to the signed zone file -Export your DS records (dsset) to the domain registration company (EPP).
Confirm the chain.. http://dnsviz.net/d/apnic.com.au/dnssec/ Mal On 18/07/2019 4:46 pm, Mark Elkins wrote: > I can't comment on com.au (but looking up the Nameservers, I see the AD > bit set - so DNSSEC appears to be in use.. > > However, co.za (and net.oza, org.za & web.za) which are managed by the > ZACR (and DNS) - they are all signed and I personally have domains under > these second levels - all running DNSSEC. The DS records are added to > the parents using EPP - and it works perfectly. I used to present free > (to the community) DNS classes to the community (the ZACR paid me) and > this (DNSSEC) was taught to attendees. Unfortunately, no more classes > for now. > > DNSSEC in CO.ZA became live at about the time DLV stopped running. The > other SLD's had already been running for about a year. > > For the record, EDU.ZA is also signed and can accept DS records - albeit > via a Web interface. > > @peek - you are most welcome to chat to me. > > > On 2019/07/18 04:34, p...@vspace.co.za wrote: > >> With DLV (DNSSEC Lookaside Validation) having been decommissioned, >> though zones still exists that does not provide a fully signed path >> from root to zone, i.e. .com.au , co.za etc, how would an >> administrator enable / implement DNSSEC validation for these zones ? >> >> >> _______________________________________________ >> Please visit https://lists.isc.org/mailman/listinfo/bind-users to >> unsubscribe from this list >> >> bind-users mailing list >> bind-users@lists.isc.org >> https://lists.isc.org/mailman/listinfo/bind-users > > > _______________________________________________ > Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users > _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
