More about DNSSEC validation, and signing the zone

2009-07-01 - News - Chris Thompson

The web page describing how to set up DNSSEC validation on your own recursive nameservers, using the lookaside validation zone, has been updated and is now at

We continue to make progress towards signing The previous signed near-clone "cam.test" will be removed at the end of this week. Instead we have a new such zone "" which is properly delegated and registered at Instructions on how to slave it or validate against it are at

We have had almost no feedback so far. We would like to hear from anyone who has successfully slaved it, but even more from those who tried and failed. We believe that much old nameserver software will be unable to cope, and expect to have to provide "dumbed-down" unsigned versions of the signed zones for such clients. We need to estimate how large the demand will be for such a service.