Last week I wrote that I asked the .nl TLD maintainers to
add the DS records for pa1ton.nl to the
.nl zone.
And yesterday the big moment was there.
Have a look.
I just verified this with SIDN and I am number 7 on the list of DNSSEC secured domains in the Netherlands.
Wow, that's really quick! 
Some time ago I blogged that my zones are signed and now it's possible to add
the DS key to the .nl zone.
This still is a manual process, but I opted in with my pa1ton.nl domain. The
.com TLD isn't signed yet, so the tonkersten.com is still to be done.
I also updated some scripts and things to make it work better
First I need the ZSK and KSK and I generate them like this:
dnssec-keygen -e -a NSEC3RSASHA1 -3 -b 2048 -n ZONE pa1ton.nl dnssec-keygen -a NSEC3RSASHA1 -3 -b 2048 -n ZONE -f KSK tonkersten.com
This enables the NSEC3 options for the zone.
And signing the zones is done like:
dnssec-signzone \ -v 3 \ -3 34A3 \ -A \ -d keys \ -K keys \ -N unixtime \ -f pa1ton.nl.signed \ -o pa1ton.nl \ -S pa1ton.nl
It will take a couple of days for the DS keys to appear in the .nl TLD.
I will keep you posted.
Last night (Aug. 22 2010 at 00:25:47) SIDN signed the Dutch .nl zone and made it public. This is, of course, reason for a party and calls for the signing of my own zones. Unfortunately it's not possible to use secure delegation, but that's something for the future.
I do have two domains up and running and I signed them both.
