November 18, 2008: A new link has been added to list all keys that are loaded on the recursive resolvers. We will update this list as more keys are made aavailable. We are also upgrading the Unbound server to the latest 1.1.0 release which supports DLV. Once this is upgrade, we will change the status on that server.
November 17, 2008: We have added a third additional resolver to test against running a different DNS application server. We have also updated the descriptions on each server to identify what DNS application server each server is running.
October 29, 2008: We have added an additional resolver to test against running a different DNS application server. Please feel free to test against this server and provide feedback.
October 1, 2008: This trial is being conducted by the Internet Services team, in National Engineering & Technical Operations. Given the move by the .GOV Top Level Domain (TLD), as well as the coordinated activities of the public sector, private sector, industry groups, and other non-govermental organizations regarding other TLDs implementing DNSSEC, we have started a production trial to evaluate a move to DNSSEC by large ISPs. As of October 1, 2008, we have made available a DNSSEC resolver for anyone in the Internet community to test against. In addition, as we perform testing, decide how to deploy DNSSEC resolvers widely, and how to sign our own zones, we will be building documentation about our experiences, and intend to share this with the Internet community at large.
Please choose your DNS server and download our DNSSEC key. We have included this in a mininum configurations needed for each platform.
1 - Bind DNSSEC configuration/key for dnssec.comcast.netWe have deployed DNSSEC-enabled DNS caching servers in our production network. If you would like to test our DNSSEC resolvers for signed domains, please point your DNS requests to:
IP Address: 68.87.64.154
FQDN of Server: phil-dnssec-trial.inflow.pa.bo.comcast.net
DNS Application: Nominum Vantio