
DNSSEC running, probably.

September 7, 2011

pointless.net zone is now signed, and the key is in the ISC DLV system.

If you use the DNSSEC Validator Firefox add-on you get a green key on the left of the address bar for domains that have valid, verified DNSSEC signatures, which is nice.

I'm not 100% sure that pointless.net will always work - the secondaries don't support DNSSEC signing records, even though the zones they are serving are signed. I'll have to play around a bit more and, if needed, change secondaries or see if they can be upgraded.

I'm using the DLV system since, afaict, easyDNS doesn't yet support taking DS records from clients and publishing them to the TLD. I've tried several times to find a registrar that does DNSSEC and lets you just give them the DS records and deal with it - most of the DNSSEC-supporting registrars seem to only support DNSSEC when you use their nameservers, which I don't want to do.

Also useful to know is www.dnssec-failed.org: it's deliberately broken, so you can use it to check that zones with broken signatures do get detected. rhybar.cz and badsign-a.test.dnssec-tools.org are also deliberately broken.

For working domains try ietf.org and the page you are on now.
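The same good/broken check can be done from a shell instead of the browser add-on. The script below is an added example, not part of the original post: it classifies a resolver's verdict from dig's header lines by comparing a normal query with a `+cd` (checking disabled) query. It assumes `dig` is installed and that the resolver in /etc/resolv.conf validates; the function names and the sample headers are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a resolver's DNSSEC verdict from dig header lines.
# Assumes dig (BIND utilities) and a validating resolver when run live.

# Extract "status: X" and the flags list from dig's ";; ->>HEADER<<-" output.
dig_status() { printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\).*/\1/p' | head -n 1; }
dig_flags()  { printf '%s\n' "$1" | sed -n 's/.*flags: \([a-z ]*\);.*/\1/p' | head -n 1; }

# $1 = output of a normal query, $2 = output of the same query with +cd
# (checking disabled, so the resolver returns data without validating it).
classify() {
    status=$(dig_status "$1"); flags=$(dig_flags "$1"); cd_status=$(dig_status "$2")
    case "$status" in
        NOERROR)
            case " $flags " in
                *" ad "*) echo secure ;;     # resolver validated the answer
                *)        echo insecure ;;   # answered, but not validated
            esac ;;
        SERVFAIL)
            if [ "$cd_status" = NOERROR ]; then
                echo bogus                   # fails only when validation is on
            else
                echo servfail                # fails either way: not a DNSSEC verdict
            fi ;;
        *) echo "other:$status" ;;
    esac
}

# Live check against the resolver in /etc/resolv.conf (needs network).
check_domain() {
    classify "$(dig +dnssec "$1" A)" "$(dig +dnssec +cd "$1" A)"
}

# Constructed sample headers (not captured output), one per case.
SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1111
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_FAIL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 2222
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_CD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3333
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1'
SAMPLE_PLAIN=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4444
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'

# Run live only when domains are given, e.g.:
#   sh dnssec-check.sh ietf.org www.dnssec-failed.org rhybar.cz
for d in "$@"; do printf '%s: %s\n' "$d" "$(check_domain "$d")"; done
```

A result of `insecure` for a zone you know is signed usually means the resolver being queried does not validate, so the broken test domains will resolve through it as well.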

tags: pointless.net dnssec upgrades
