Discuss mailing list

[04dco <0 AT 04d.co>]

OpenNIC does support DNSSEC and most TLDs are signed and valid. I am 
using PowerDNS Recursor with the root hints method and I had to add two 
trust anchors (DS records) manually for DNSSEC to validate.

. IN DS 60820 8 1 D57B64AA915F4457889080EFAAA33828E42D8BA6
. IN DS 60820 8 2 
A01E33C8E95712E555FA9E6C09921830F3A518E36C5998F4ADBF5570AA86B538

; <<>> DiG 9.11.13 <<>> opennic.glue
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7840
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;opennic.glue.                  IN      A

;; ANSWER SECTION:
opennic.glue.           7200    IN      A       45.56.115.189
opennic.glue.           7200    IN      A       45.56.116.224

;; Query time: 352 msec
;; SERVER: 10.0.0.2#53(10.0.0.2)
;; WHEN: Mon Mar 02 18:28:05 EET 2020
;; MSG SIZE  rcvd: 73

On 02/03/20 11:21, Daniel Quintiliani wrote:
> I agree but I thought OpenNIC couldn't support DNSSEC at all because the 
> OpenNIC TLDs are unofficial?
>
> --
>
> -Dan Q
>
>
> On Mon, 2 Mar 2020 18:18:03 +0200, 04dco <0 AT 04d.co> wrote:
>
> > I propose that the people that run .o and .epic should sign their TLDs
> > with DNSSEC for better security.
> >
> > Thank you.
> >
> >
> > --------
> > You are a member of the OpenNIC Discuss list.
> > You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org

> --------
> You are a member of the OpenNIC Discuss list.
> You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org


--
PGP FP: 510F DD0E 1DC6 E017 6F84 483B 0DD8 DF90 A6D3 663F
PGP Key URL: https://04d.co/pubkey.txt
Contact: 04dco <0 AT 04d.co>