On Wed, Jan 07, 2015 at 02:44:11PM -0500, James B. Byrne wrote:
> This is exactly our situation. We presently use DLV. I can get our
> upstream registrar to manually add DS RRs for our .com, .net; and I
> believe our .org tlds. But they will not do so for our principal tlds
> that belong to .ca.
Paul Wouters has a perfectly good DNSSEC .ca domain:
nohats.ca. IN MX 10 mx.nohats.ca. ; NOERROR AD=1
_25._tcp.mx.nohats.ca. IN TLSA 3 1 1
462573195c86e861abab8eccfbc7f0486958efdff9449ac10729b3a0f906f388 ; passed
Domain name: nohats.ca
Domain status: registered
Creation date: 2011/11/28
Expiry date: 2015/11/28
Updated date: 2014/10/30
DNSSEC: Signed
Registrar:
Name: Tucows.com Co.
> Nonetheless, as we have many domains registered
> with them, and have been using them since 2000 March 26, we are
> reluctant to change providers.
>
> CIRA's answer is to change registrars. That is the easy out, for them.
> The difficulty being the administrative and financial costs of doing
> so for us.
>
> So, we await developments and in the meantime employ DLV.
The "value" of DLV is rather limited, I personally would not bother.
If you actually want DNSSEC, switch registrars. Otherwise, wait for
yours to get on-board.
Anyway, this is somewhat off-topic for Postfix, so we should delve
into too deeply.
--
Viktor.
