Last week I wrote that I asked the .nl
TLD maintainers to
add the DS records for pa1ton.nl to the
.nl
zone.
And yesterday the big moment was there.
Have a look.
I just verified this with SIDN and I am number 7 on the
list of DNSSEC secured domains in the Netherlands.
Wow, that's really quick! 
Some time ago I blogged that my zones are signed and now it's possible to add
the DS key to the .nl
zone.
This still is a manual process, but I opted in with my pa1ton.nl
domain. The
.com
TLD isn't signed yet, so the tonkersten.com
is still to be done.
I also updated some scripts and things to make it work better 
First I need the ZSK and KSK and I generate them like this:
dnssec-keygen -e -a NSEC3RSASHA1 -3 -b 2048 -n ZONE pa1ton.nl
dnssec-keygen -a NSEC3RSASHA1 -3 -b 2048 -n ZONE -f KSK tonkersten.com
This enables the NSEC3
options for the zone.
And signing the zones is done like:
dnssec-signzone \
-v 3 \
-3 34A3 \
-A \
-d keys \
-K keys \
-N unixtime \
-f pa1ton.nl.signed \
-o pa1ton.nl \
-S pa1ton.nl
It will take a couple of days for the DS keys to appear in the .nl
TLD.
I will keep you posted.
Last night (Aug. 22 2010 at 00:25:47) SIDN signed the Dutch .nl zone and made it public.
This is, of course, reason for a party and calls for the signing of my own
zones. Unfortunately it's not possible to use secure delegation, but that's
something for the future.
I do have two domains up and running and I signed them both.
Read more »