Two more top-level-domains (TLDs) joined the global DNSSEC “chain of trust” today! By way of two tweets from @RootChanges we learned that the .AT and .PL domains are now linked into the DNSSEC “chain of trust” via the insertion of Delegation Signer (DS) records into the root zone.
What this means on a practical level is that anyone signing a .AT or .PL domain can now have that domain validated all the way from the root of DNS. DNSSEC-validating DNS resolvers can now completely authenticate the chain of trust from the root all the way down to the signed domain.
As of this moment, ICANN’s TLD DNSSEC report (below) still shows .AT and .PL as being signed but not yet published in the root – but that should change when the report is run tomorrow:
Congrats to the teams behind the signing of the .AT and .PL domains! Great to see them joining the DNSSEC chain of trust.
UPDATE 10 Feb 2012: As expected today’s ICANN TLD DNSSEC report does indeed show both .AT and .PL as fully signed and with a DS in the root.