DANE of SMTP Survey
Mark Tinka
mark at tinka.africa
Tue Jun 8 10:39:23 UTC 2021
On 6/3/21 23:41, babydr DBA James W. Laferriere wrote:
>
> The Signing of the 'Zone', Can the 'Zone' be signed by a
> self-signed key? Or MUST I (and others) rely on an external
> certificate authority?
>
> Mind you I notice in rfc6487 (note(s)) about self-signed
> certificates.
> So Maybe I am being a bit over worried about having to spend more
> money just to keep my 2 ip-ranges routing in light of the RPKI
> initiative(s).
>
> Which Mr. Andrews' response below answers quite succinctly,

Indeed! Thanks, Mark.

Yeah, it's never been obvious or apparent to me that self-signed keys
for DNSSEC would not be honoured.

My personal zone, as well as my company's one, are both self-signed.
They've both been working reasonably well, so far.

Mark.