Some TLDs unfortunately still don't support DNSSEC all the way to the root. However, is it possible to add a specific DNSKEY to my resolver (currently using knot-resolver
) so that a signed zone can be verified even without TLD support?
Server Fault is a question and answer site for system and network administrators. It only takes a minute to sign up.
Sign up to join this community