[prev in list] [next in list] [prev in thread] [next in thread] 

List:       dns-operations
Subject:    [dns-operations] DNSSEC, IPv6 glue, multiple DNS servers, and eating your own dog food
From:       vjs () rhyolite ! com (Vernon Schryver)
Date:       2012-07-23 12:14:58
Message-ID: 201207231214.q6NCEwKa064171 () calcite ! rhyolite ! com
[Download RAW message or body]

> From: Jan-Piet Mens <jpmens.dns at gmail.com>

> I'm sure Vernon meant:
>
> | A registrar that does not have DS records for its main domain names
> | *in the parent zone* might lack experience dealing with DNSSEC
> | registrations.

Yes, and contrary to how it looks, `dig example.com ds` displays
the DS rrset from the parent com zone if the resolver consulted by
`dig` does the least DNSSEC things and there's nothing broken.
You might use `dig +ad example.com` and look for the AD flag in the
result, but that's more typing and harder looking, if more accurate.


Vernon Schryver    vjs at rhyolite.com

[prev in list] [next in list] [prev in thread] [next in thread]