discuss AT lists.opennicproject.org

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] Some notes about DNSSEC

From: Amunak <amunak AT amunak.net>
To: discuss AT lists.opennicproject.org
Subject: Re: [opennic-discuss] Some notes about DNSSEC
Date: Tue, 10 Jun 2014 21:15:10 +0200

Someone should probably push the whole opennic with cacert idea; I still think it would benefit both parties.

[2014-06-10 21:01+0200] Jeff Taylor <shdwdrgn AT sourpuss.net> wrote:

Just an update here... I pushed out a fully-signed root zone about an hour ago. I've observed quite a number of servers picking up the new zone, and all the ones I tested were responding with the full dnssec keys. So if anyone wants to start testing the new root, feel free.

One observation that has been made to me already... the keys are self-signed. I don't know what that will affect, but until opennic has their own CA I'm not sure how we can fix it either (or if it actually needs fixed?). If anything is badly broken, I can always revert back to the old (non-signed) root zone.
--------
You are a member of the OpenNIC Discuss list. 
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org

[opennic-discuss] Some notes about DNSSEC, Jeff Taylor, 06/09/2014
- Re: [opennic-discuss] Some notes about DNSSEC, Jeff Taylor, 06/10/2014
  - Re: [opennic-discuss] Some notes about DNSSEC, Amunak, 06/10/2014
  - Re: [opennic-discuss] Some notes about DNSSEC, Jeff Taylor, 06/17/2014