[AfrICANN-discuss] Re: [afnog] [AfTLD-Discuss] .TZ DS records
in root zone
Dr Eberhard W Lisse
el at lisse.na
Sat Feb 9 22:59:44 SAST 2013
Mark,
as you know we do DNSSEC and CoCCA in .NA for a while now.
At the moment we can not upload the DS records directly (so
it is a manual but not labor intensive process, given that
entities wishing to secure their zones will be definition be
stable :-)-O), but, you are right, this is being worked
upon.
el
On 2013-02-09 22:41 , Mark Elkins wrote:
> Thanks Simon, A few more questions/remarks...
>
> On Sat, 2013-02-09 at 16:44 +0000, Simon M. Balthazar
> wrote:
>> Hello Mark,
>>
>> TZNIC is using its own signer platform and nothing is
>> outsourced.
>
> Very cool. It would be useful to the African community
> for someone to do a presentation on how you are doing this
> (as others suggested). Would love to know if you are
> using an HSM or keep keys on the file system - etc....
>
>> We are using FRED hence DS records like any other records
>> are included in the parent zone through registrar's
>> interface.
>
> Make sense. I believe that Cocca has (will have) the same
> ability, so technically, any ccTLD running Cocca or Fred
> can follow you on this.
>
>> I don't have stats of dnssec aware resolvers in TZ,
>> however tznic is planning a massive campaign which will
>> include activities like training to all stakeholders
>> including ISPs with the aim of increasing dnssec
>> awareness and deployment. We hope this will as well
>> inspire ISPs to turn on dnssec on their resolvers.
>
> :-)
>
> Questions,
> doing any DNS/DNSSEC training?
> what does the ccTLD structure look like?
> I'm guessing..
>
> .tz - closed - except for exciting new second levels...
> .co.tz - Commercial
> .or.tz - Organisations
> ...
>
> So how far down are signed domains available. I get no AD
> bit when looking up www.tznic.or.tz yet. Its just the
> 'tz' zone for now?
>
> I'll be asking later, can I get a TZ based zone such as
> 'dnssec.co.tz/dnssec.or.tz' (which would be similar to
> 'dnssec.co.za/dnssec.na') and pass you the appropriate DS
> record from my side? Take a look at 'www.dnssec.co.za'.
>
> I'm excited for you guys!
>
More information about the AfrICANN
mailing list