Den 31-01-2024 kl. 20:47 skrev Bjørn Mork:
Why do they put their DNS servers in an unsigned zone?
To try to make a more in-depth example:
At the moment, .COM/.NET is relying on GTLD-SERVERS.NET for the
authoritative DNS.
GTLD-SERVERS.NET is currently relying on NSTLD.COM for the authoritative
DNS.
With this example, you are asking why neither GTLD-SERVERS.NET nor
NSTLD.COM has been DNSSEC signed?
In that case, I would probably be extending that a bit, considering a
lot of critical resources out there (even if announced as IPv6 /48 and
IPv4 /24) still do not have any RPKI ROA, at all.
(But maybe that's just me...)
--
Med venlig hilsen / Kind regards,
Arne Jensen
