Discuss mailing list

[Jeff Taylor <shdwdrgn AT sourpuss.net>]

Corrections have been made to my process and the root zone now contains the DS records with the associated RRSIG records for the dyn/oss/parody/pirate zones.  These TLDs have also been signed now.  I believe I am only one step away from actually signing some domains, then we should be able to check the full chain.

On 06/10/2014 01:01 PM, Jeff Taylor wrote:

Just an update here... I pushed out a fully-signed root zone about an hour ago.  I've observed quite a number of servers picking up the new zone, and all the ones I tested were responding with the full dnssec keys.  So if anyone wants to start testing the new root, feel free.

One observation that has been made to me already... the keys are self-signed.  I don't know what that will affect, but until opennic has their own CA I'm not sure how we can fix it either (or if it actually needs fixed?).  If anything is badly broken, I can always revert back to the old (non-signed) root zone.

--------
You are a member of the OpenNIC Discuss list. 
You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org