> It depends on what you are trying to do... > > SSL certificates are not used in DNSSEC, so if you are talking about "to > deploy DNSSEC", then the answer is NO. > > If you are trying to secure your http, pop, imap, etc. sessions, and a > self-signed certificate is not enough then yes, you need to buy a > "certificate"
I'm talking about DNS SEC (signed zones)... so in other words I can't sign a zone with a CA issued certificate.
