I’ve had pdnssec running for this domain and  a few others for some time now and the domains have been signed “locally” in preparation for signing by the parent domain.

This works really nicely and now that I’m doing consultancy and contract work I thought I’d look into how I get the domain signed by the parent so I can offer DNSSEC as an option to my clients.

Thanks to a post on the dnssec-deployment mailing list I found a list of registrars that had passed accreditation for DNSSEC on .ORG – note the very careful wording at the top of that page:

A registrar who has passed OT&E for DNSSEC will have a “Yes” indicator below. This does not indicate whether the registrar has enabled a DNSSEC service for the registrants. Please contact the registrars directly for their DNSSEC service.

So I emailed a five of the registrars that have been approved asking how I could sign a domain that had I already purchased and was hosting on my own servers…

I’m still waiting for two of them to come back to me, however all of the responses so far have been along the lines of

We don’t provide DNSSEC at the moment but we are planning to next year (2012).

If you would like to purchase a domain from us, please contact us on xxx-xxx-xxxx

(An aside here to technical companies: If I send you an email stating I already have a domain that I want to integrate with your systems, please don’t try and sell me a new one…)

I’ve ended up having to email organisations such as Nominet directly and even they have passed it to “second line” support.

At this point I can only conclude that the world isn’t ready for dnssec yet which is a real shame as it would be far less hassle than implementing IPv6…

I’ll post more updates here as they become available.