Why is it that IANA and the Root Server operators seem generally averse to using DNSSEC in its current form? Keith Davidson Andy Linton wrote:
I'm pretty sure I recall discussions with the DNC about the setting up of 'geek.nz' where we asked about getting the zone signed and agreed to wait until the whole of .nz would be signed. The discussion went along the lines 'you want DNSSEC signing of the new 'geek.nz' zone? that's a good idea. why don't we do it for all of NZ'
Now there appear to be doubts from the managers of the nz tld about signing the whole zone - I don't agree with them but if that's their stance, can we have signing of geek.nz back on the agenda please.
This will do two things:
1) It will provide operational experience in doing the DNSSEC thing 2) It will provide a test bed to see if those in 'geek.nz' get scammed, spammmed, slammed, jammed, damned .... as a result.