[prev in list] [next in list] [prev in thread] [next in thread]
List: dns-operations
Subject: [dns-operations] DNSSEC, IPv6 glue, multiple DNS servers, and eating your own dog food
From: vjs () rhyolite ! com (Vernon Schryver)
Date: 2012-07-23 12:14:58
Message-ID: 201207231214.q6NCEwKa064171 () calcite ! rhyolite ! com
[Download RAW message or body]
> From: Jan-Piet Mens <jpmens.dns at gmail.com>
> I'm sure Vernon meant:
>
> | A registrar that does not have DS records for its main domain names
> | *in the parent zone* might lack experience dealing with DNSSEC
> | registrations.
Yes, and contrary to how it looks, `dig example.com ds` displays
the DS rrset from the parent com zone if the resolver consulted by
`dig` does the least DNSSEC things and there's nothing broken.
You might use `dig +ad example.com` and look for the AD flag in the
result, but that's more typing and harder looking, if more accurate.
Vernon Schryver vjs at rhyolite.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic