On 6/3/21 23:41, babydr DBA James W. Laferriere wrote:
The Signing of the 'Zone' , Can the 'Zone' be signed by a
self-signed key ? Or MUST I (and others) rely on a external
certificate authority ?
Mind you I notice in rfc6487 (note(s)) about self-signed
certificates .
So Maybe I am being a bit over worried about having to spend more
money just to keep my 2 ip-ranges routing in light of the RPKI
initative(s) .
Which Mr. Andrews response below answers quite succinctly ,
Indeed! Thanks, Mark.
Yeah, it's never been obvious or apparent to me that self-signed keys
for DNSSEC would not be honoured.
My personal zone, as well as my company's one, are both self-signed.
They've both been working reasonably well, so far.
Mark.
