[afnog] [AfTLD-Discuss] .TZ DS records in root zone

Mark Elkins mje at posix.co.za
Sat Feb 9 20:41:59 UTC 2013 

Thanks Simon,
A few more questions/remarks...

On Sat, 2013-02-09 at 16:44 +0000, Simon M. Balthazar wrote:
> Hello Mark,
> 
> TZNIC is using its own signer platform and nothing is outsourced.

Very cool. It would be useful to the African community for someone to do
a presentation on how you are doing this (as others suggested).
Would love to know if you are using an HSM or keep keys on the file
system - etc....

> We are using FRED hence DS records like any other records are included
> in the parent zone through registrar's interface. 

Make sense. I believe that Cocca has (will have) the same ability, so
technically, any ccTLD running Cocca or Fred can follow you on this. 

> I don't have stats of dnssec aware resolvers in TZ, however tznic is
> planning a massive campaign which will include activities like training
> to all stakeholders including ISPs with the aim of increasing dnssec
> awareness and deployment. We hope this will as well inspire ISPs to
> turn on dnssec on their resolvers.

:-)

Questions, 
doing any DNS/DNSSEC training?
what does the ccTLD structure look like?
I'm guessing..

.tz - closed - except for exciting new second levels...
.co.tz - Commercial
.or.tz - Organisations
...

So how far down are signed domains available. I get no AD bit when
looking up www.tznic.or.tz yet. Its just the 'tz' zone for now?

I'll be asking later, can I get a TZ based zone such as
'dnssec.co.tz/dnssec.or.tz' (which would be similar to
'dnssec.co.za/dnssec.na') and pass you the appropriate DS record from my
side? Take a look at 'www.dnssec.co.za'.

I'm excited for you guys!

> Simon.
> 
> 
> Sent from my BlackBerry® smartphone from Vodacom Tanzania
> 
> -----Original Message-----
> From: Mark Elkins <mje at posix.co.za>
> Sender: afnog-bounces at afnog.orgDate: Sat, 09 Feb 2013 17:41:32 
> To: ALAIN AINA<aalain at trstech.net>
> Reply-To: mje at posix.co.za
> Cc: <aftld-discuss at aftld.org>; AfNOG<afnog at afnog.org>
> Subject: Re: [afnog] [AfTLD-Discuss] .TZ DS records  in root zone
> 
> _______________________________________________
> afnog mailing list
> http://afnog.org/mailman/listinfo/afnog

-- 
  .  .     ___. .__      Posix Systems - (South) Africa
 /| /|       / /__       mje at posix.co.za  -  Mark J Elkins, Cisco CCIE
/ |/ |ARK \_/ /__ LKINS  Tel: +27 12 807 0590  Cell: +27 82 601 0496

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6147 bytes
Desc: not available
URL: <http://afnog.org/pipermail/afnog/attachments/20130209/00bb857a/attachment.bin>

More information about the afnog mailing list