On May 21 2010, itservices88 wrote:
I heard that root zone will be signed (or is already signed),
It's in DURZ mode. Read all about it at http://www.root-dnssec.org/
so what changes would be required with respect to the current additions of adding dlv.isc.org as trust anchor and its associated trusted key ? Do we need to keep the isc dlv ? or add a new key for the root ?
I don't know whether ISC are planning to add a DLV record for the root to the isc.dlv.org zone. (When I asked on another list whether that would work, Mark Andrews told me "of course it would".) If not, then it will certainly be desirable to add a trust anchor for the root zone, as (for example) the IANA ITAR will stop being imported into dlv.isc.org at some point, as it will cease to exist. But large parts of the DNS tree will remain disconnected from the root vis-a-vis DNSSEC, for quite a while, so you should plan to keep using dlv.isc.org as well. (I am assuming you are not opposed to DLV in principle if you are already using it...] I would plan to review the situation in mid-2011 after "com" has been signed for a decent length of time. -- Chris Thompson Email: c...@cam.ac.uk _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users