Hello Mr. Tinka & Mr. Andrews , Please see below .

On Thu, 3 Jun 2021, Mark Tinka wrote:
> On 6/3/21 00:25, babydr DBA James W. Laferriere wrote:
>> The Below is to keep thread of thought accurate ...
>> On Wed, 2 Jun 2021, Mark Tinka wrote:
>>> * Step 2 - take your time cluing up on getting your zone signed, and being part of the solution toward a more secure Internet. No pressure, at your pace.
>> Again , Will this handle the case of self-signed only ?
> Not sure I understand your question, in both cases of recursion and authoritative.
The Signing of the 'Zone' , Can the 'Zone' be signed by a self-signed key ? Or MUST I (and others) rely on an external certificate authority ? Mind you I notice in rfc6487 (note(s)) about self-signed certificates . So Maybe I am being a bit over worried about having to spend more money just to keep my 2 ip-ranges routing in light of the RPKI initiative(s) . Which Mr. Andrews response below answers quite succinctly ,

On Thu, 3 Jun 2021, Mark Andrews wrote:
> DANE works with self generated CERTs. The TLSA record provides the cryptographic link back to the DNSSEC root.
Thank You Mr. Andrews , Muchly . Is what I was hoping for .
Thank You Both .
JimL

--
+---------------------------------------------------------------------+
| James W. Laferriere        | System Techniques    | Give me VMS     |
| Network & System Engineer  | 3237 Holden Road     | Give me Linux   |
| jiml@system-techniques.com | Fairbanks, AK. 99709 | only on AXP     |
+---------------------------------------------------------------------+
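
Mr. Andrews' point about DANE, shown as an added example that is not part of the original thread: a usage 3 (DANE-EE) TLSA record pins the certificate's own public key, so a self-generated certificate matches without any CA chain. The function names, the `www.example.com` owner name and the constructed sample certificate are assumptions; a real client must also obtain the TLSA RRset through a DNSSEC-validated lookup, which this sketch does not do.

```python
import hashlib

def _tlv(buf, off):
    """Return (value_start, end) of the DER element starting at off."""
    n = buf[off + 1]
    off += 2
    if n & 0x80:                          # long-form length: next k bytes
        k = n & 0x7F
        n = int.from_bytes(buf[off:off + k], "big")
        off += k
    return off, off + n

def spki_der(cert):
    """Slice SubjectPublicKeyInfo (header included) out of a DER certificate."""
    off, _ = _tlv(cert, 0)                # into Certificate SEQUENCE
    off, _ = _tlv(cert, off)              # into tbsCertificate SEQUENCE
    if cert[off] == 0xA0:                 # optional [0] version
        off = _tlv(cert, off)[1]
    for _ in range(5):                    # serial, sigAlg, issuer, validity, subject
        off = _tlv(cert, off)[1]
    return cert[off:_tlv(cert, off)[1]]

def tlsa_rdata(cert, selector=1, mtype=1):
    """TLSA rdata for usage 3 (DANE-EE): no CA chain is consulted."""
    data = spki_der(cert) if selector == 1 else cert
    digest = {0: lambda d: d, 1: lambda d: hashlib.sha256(d).digest(),
              2: lambda d: hashlib.sha512(d).digest()}[mtype]
    return f"3 {selector} {mtype} {digest(data).hex()}"

def tlsa_matches(rdata, cert):
    """True if the presented certificate matches a usage-3 TLSA record."""
    usage, selector, mtype, *assoc = rdata.split()
    if usage != "3":
        return False                      # other usages need chain validation
    want = "".join(assoc).lower()         # zone files may split the hex data
    return tlsa_rdata(cert, int(selector), int(mtype)).split()[3] == want

def _der(tag, body):                      # builder for the constructed sample only
    n = len(body)
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x81, n])) + body

def sample_cert(key):                     # constructed, minimal structure, not a real cert
    spki = _der(0x30, _der(0x30, b"") + _der(0x03, b"\x00" + key))
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01")
               + _der(0x30, b"") * 4 + spki)
    return _der(0x30, tbs + _der(0x30, b"") + _der(0x03, b"\x00")), spki

if __name__ == "__main__":
    cert, _ = sample_cert(b"\x11" * 140)
    print("_443._tcp.www.example.com. IN TLSA", tlsa_rdata(cert))
```

With a real certificate, pass its DER bytes (for example from `ssl.PEM_cert_to_DER_cert`) to `tlsa_rdata` in place of the constructed sample.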