When configuring a DNSSEC-aware resolver, what is a sensible set
of trust anchors to start with, at the present time?
The number of DLV records in dlv.isc.org is gradually increasing[*],
and it has recently acquired one for a second TLD ("cz." in addition
to "br."). But how much of the DNSSEC-aware namespace is actually
covered this way? There are TLDs (e.g. "se." and "bg.") that are
signed but do not appear in dlv.isc.org.
Are there other (competing?) DLV zones? Or other usefui collections
of trust anchors?
[*] How do I know? Well dlv.isc.org uses NSEC records and is
therefore "enumerable" :-) 113 DLV records at the end of July,
163 today.
--
Chris Thompson
Email: [EMAIL PROTECTED]
