-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME
38 lines (35 loc) · 1.72 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
# DNSSEC keys version 1.18, Mar 14 2009
# by Paul Wouters <[email protected]>
# http://www.xelerance.com/software/dnssec-conf/
#
# This file contans notes on where and why we got certain DNSSEC keys
# This is required to prime DNSSEC aware caching resolvers such as Bind or Unbound
# Only KSK's are obtained for loading into the resolver. ZSK's are ignored.
#
# production - known good keys. Verified by a human. Usually updates are
# posted on the DNS related mailinglists (dnsop, dnsex,
# dnssec-deployment, namedroppers and dedicates lists for TLD's)
# testing - testbed keys. These might affect production. Should not be
# enabled unless you know what you're doing
# harvest - keys were obtained querying the DNS. Unverified and fully
# automated process. Use at own risk. Mostly used to detect
# new keys that were not announced anywhere
# For TLD DNSSEC keys, please see http://www.xelerance.com/dnssec/
# in-addr.arpa. itself is not signed, but some domains inside it are:
# RIPE's in-addr.arpa. signed zones are obtained from RIPE's https server
# See https://www.ripe.net/projects/disi//keys/
#
# e164.arpa. (ENUM) is obtained from RIPE's https server
# All signed subdomains in e164.arpa. are properly delegated with DS records,
# and do not need a separate trust anchor in a resolver.
# See: http://www.ripe.net/enum/
#
# IDN test domains were harvested
# See http://www.icann.org/en/announcements/announcement-2-19jun07.htm
#
# dlv.isc.org
# ISC DLV Registry
# See https://secure.isc.org/index.pl?/ops/dlv/index.php
# The Root zone (test) and other test keys: http://ns.iana.org/
# disabled because you will have to resolve via their nameserver for
# these keys to work.