03-23-2017 10:18 PM
How can my ISP authenticate that I am the DNS admin of bank.com and that the DS record I am trying to send to them to be uploaded to .com TLD is the correct one. I mean anyone can call and supply a DS.
I guess there must be a secure mechanizm for locating the DS on .com.
Solved! Go to Solution.
04-05-2017 01:34 PM
When the DS record is provided to the register they should perform a verification by looking up the associated DNSKEY record for the domain on its registered authoriative name servers. If this verification fails, the DS record should be rejected and not loaded.
I hope that helps!