[dns-wg] Another DNSSEC action: add your DS to DLV (Was: NTIA NoI: does anyone care?
Stephane Bortzmeyer bortzmeyer at nic.fr
Tue Oct 21 11:25:58 CEST 2008
On Wed, Oct 15, 2008 at 10:44:34AM -0400, Edward Lewis <Ed.Lewis at neustar.biz> wrote a message of 18 lines which said: > This is why I think energy on this is better spent replying to the > NTIA than here. If you want to spend energy on DNSSEC deployment, you can also sign your zones, add them to a DLV registry such as the ISC one (*) and enable validation on your resolvers (and then handling your users's complaints). It will probably have a stronger effect than carefully crafting a reply which will probably be ignored, as all input from outside the US has been ignored in all forums since the take-over of the root. PS: thanks to the managers of ".br" and ".cz", the two first TLDs to appear in the ISC DLV registry. (*) Even if the root is signed, some TLD won't be signed overnight. Two good things about DLV is that it does not require the root to be signed and it does allow managers of SLD to be attached to a chain of trust even if their TLD is not signed.
[ dns-wg Archives ]