6 Oct
2009
6 Oct
'09
7:16 p.m.
In case you don't want to go through the slides, I'd like to ask these questions:
1. If you are planning to receive DS records for any reason, how do you plan to do it? (You don't have to be a TLD to need to do this.) SIG(0) authenticated DNS updates
2. If you are operating DNS for people and are considering DNSSEC, have you thought about how the DS record will be passed to your customers' zones parents? I would like to use the same method as above. The initial public key exchange should be done via EPP/RRI or web frontend.
3. If you operate a recursive server, where to do plan to get DNSSEC public keys (for example, ISC's DLV)? The manually configured root key where key rollover is handled via RFC5011.