-----BEGIN PGP SIGNED MESSAGE----- In order to extend the deployment of security technology, we switch to DNSSEC for us and our customers. Usually the collection of SEP keys on each resolver host is hard to maintain. This is the reason why, we set up an other DLV zone. The zone is automatically rechecked for new keys and subentries on each zone. Please allow AXFR (auth by DNSSEC key) to provide all necessary data. The bind lookaside mechanism is limited to small steps, so a many DLV entries as possible are needed. I copy also the data from dlv.verisignlabs.com, so you may even trust them. ;-) Necessary configuration in /etc/named.conf: options { ...; dnssec-enable yes; dnssec-lookaside "." trust-anchor "dnssec.iks-jena.de"; }; trusted-keys { "iks-jena.de." 257 3 5 "AQPRteOmx973cbeIMigT7nciz3dcbt8ssZPG OK2vtPQlEaZO2fKgnm1Fo6FPWcGqKv6O1Zpj Ew2upKVDnzwMCRHpGe0Qh2TawStviww/jxUt joZom9Hy6uIkTvo7TxqnWg55LoHlcsl1kxsF 1PsM2Z88F1XhXSrUtkiQnViXbfzR0joDE8xG J9zRNuzr9Jik+bcv4S4KFOE/Ocn4F5vF7+eo jz9m3/u0gvQdvgFsb7OHr9cYA5GeG++cJWGG 6xFF+yWEDdWuu2A7IJM3EQFWLr0kGDS6oWo/ 5Bz4PlrURjU5wahM1iwLnbKXhQQempzPYnSE s1CW+KH73WjMa76Dna9B"; }; It's recommended to set up a secondary for "dnssec.iks-jena.de". We send out notifies, too. I did not manage to install a web form right now. If you like to get listed, please send me an email. I'm looking for a *stable* ipv6 and dnssec able secondary server for our zones. If you like to exchange secondary DNS service in different AS, please contact me via OpenPGP mail. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iQCiAwUBQ+JD3pFeTizbCJMJAQH3+QRmNxR+RIQYqlrEv2IbFBsAheZINPbSbUnw GkBCUvnTJIHmE9s2em0hxkUR+QQOpaih4szklG2B96aZ04eds5CH9ujovdfTMp0P rb1ri6SIdvHPez50Yp9EbG51Dsdde/8eQgU3P7HHU8ZXUY9x8d0EkMu9fHrsLgkv 66NNL6ezk9S25aoTknE51FlxknX1 =PyvH -----END PGP SIGNATURE-----