8 Feb
2024
8 Feb
'24
11:10 a.m.
Den 31-01-2024 kl. 20:47 skrev Bjørn Mork:
Why do they put their DNS servers in an unsigned zone?
To try to make a more in-depth example: At the moment, .COM/.NET is relying on GTLD-SERVERS.NET for the authoritative DNS. GTLD-SERVERS.NET is currently relying on NSTLD.COM for the authoritative DNS. With this example, you are asking why neither GTLD-SERVERS.NET nor NSTLD.COM has been DNSSEC signed? In that case, I would probably be extending that a bit, considering a lot of critical resources out there (even if announced as IPv6 /48 and IPv4 /24) still do not have any RPKI ROA, at all. (But maybe that's just me...) -- Med venlig hilsen / Kind regards, Arne Jensen