... > DNSKEY goes to fakessh.eu > DS goes to .eu, and I don't have any idea if registrars already permit it The .eu zone will accept the DS information (that is : registrar should inform us of the ksk or ksk's (plural)) Our system performs extra checks on DNSSEC information, trying to make sure that the introduction of DS information does not result in a broken chain-of-trust !
> DLV goes to dlv.isc.net or any other dlv repository you want. Is this still necessary ? Using DLV if the top-level-domain has full chain-of-trust ? > > That's three different zones, and three different signers. One observation though : All auth NS's have serial : 2011011301, but ns0.xname.org. and ns2.xname.org. (unofficial auth NS) have no RRSIG information ! (you might check if the DNS software on those name servers is capable of/configured for DNSSEC !) (if you are working with the registrar, You can also consult help pages on EURid.eu website, accessible to registrars only) Kind regards, Marc Lampo Security Officer EURid Woluwelaan 150 1831 Diegem - Belgium TEL.: +32 (0) 2 401 3030 MOB.:+32 (0)476 984 391 marc.la...@eurid.eu http://www.eurid.eu Want a .eu web address in your own language? Find out how so you dont miss out! _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
