8 Jun
2021
8 Jun
'21
6:39 a.m.
On 6/3/21 23:41, babydr DBA James W. Laferriere wrote:
The Signing of the 'Zone' , Can the 'Zone' be signed by a self-signed key ? Or MUST I (and others) rely on a external certificate authority ?
Mind you I notice in rfc6487 (note(s)) about self-signed certificates . So Maybe I am being a bit over worried about having to spend more money just to keep my 2 ip-ranges routing in light of the RPKI initative(s) .
Which Mr. Andrews response below answers quite succinctly ,
Indeed! Thanks, Mark. Yeah, it's never been obvious or apparent to me that self-signed keys for DNSSEC would not be honoured. My personal zone, as well as my company's one, are both self-signed. They've both been working reasonably well, so far. Mark.