.Global - DNSSEC Overview for .GLOBAL

DNSSEC Overview for .GLOBAL

The Domain Name System Security Extensions (DNSSEC)

DNSSEC is a suite of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks. It is a set of extensions to DNS which provide to DNS clients (resolvers) origin authentication of DNS data, authenticated denial of existence, and data integrity, but not availability or confidentiality.

DNSSEC overview for .GLOBAL

Field Name Valid Values Supported Required
Key Tag Inter between 0 and 65535 Y Y
Algorithm 3, 5, 6, 7, 8, 10, 12, 13, 14 Y Y
Max Signature Life number >=1 default=3456000 N N
Digest 1, 2, 3, 4 Y Y
Digest Type 40 characters Y Y
Flags 0, 256, 257 Y Y
Protocols 3 Y Y
Public Key a base 64 value Spaces are not allowed Y Y

DNSSEC Q&A

What version of DNSSEC is being implemented?
1.1
Will the Registry require DS Data for DNSSEC?
Yes, DS data is only required for domain registration should you wish to enable DNSSEC.
Please confirm that DNSSEC zone file configuration of the domain is not required prior to sending DNSSEC EPP commands.
No. It is NOT required.
Please confirm that DNSSEC zone file configuration of the domain is not required prior to sending DNSSEC EPP commands. - If No, please provide a brief explanation.
DNSSEC will work the same way it’s implemented for .info, .org
Is the maxsiglife attribute enabled?
No.
What is the maximum number of DNSSEC records allowed per domain? Open-Ended Response
10
If not supported at launch, please indicate when you expect to support DNSSEC. - Open-Ended Response
Available at launch