discuss AT lists.opennicproject.org
Subject: Discuss mailing list
List archive
[opennic-discuss] Current state of DNSSEC on OpenNIC and how to configure resolvers
Chronological Thread
- From: Anton Luka Šijanec <anton AT sijanec.eu>
- To: discuss AT lists.opennicproject.org
- Subject: [opennic-discuss] Current state of DNSSEC on OpenNIC and how to configure resolvers
- Date: Fri, 13 Aug 2021 01:24:29 +0200
Hello!
My resolver (BIND 9.11.5) that uses OpenNIC root is currently not using
DNSSEC as I failed to configure it correctly, so I have a couple of questions:
What OpenNIC TLDs currently offer DNSSEC (have their zones signed) and
support setting DS records for SLDs?
Where are the DNSSEC root keys securely published? Wiki can be edited by
anyone at any time, DNS delivery can be MiTM-ed.
How does a Bind resolver administrator setup DNSSEC root keys for use with
"dnssec-validation yes; dnssec-enable yes;"?
Are the keys on the Wiki page (https://wiki.opennic.org/opennic/dnssec)
outdated? They aren't matching with the ones DNS servers 195.201.99.61 and
163.172.168.171 are returning.
Can anyone share their Bind configuration for OpenNIC DNSSEC here?
Thanks!
- [opennic-discuss] Current state of DNSSEC on OpenNIC and how to configure resolvers, Anton Luka Šijanec, 08/13/2021
Archive powered by MHonArc 2.6.24.