Policy update 9 December 2014
Supporting the introduction of DNSSEC for .no domains, the domain name policy gets an update in Appendix F: Technical name server requirements.
New paragraph 9:
- Securing a domain name with DNSSEC is voluntary. For DNSSEC-secured
domains, the following applies:
- The DS records registered with Norid must refer to one or more DNSKEY records in the delegated zone.
- At least one of the signatures over the DNSKEY records must be generated using an algorithm that is supported by Norid.
Norid must be able to validate the correctness of the SOA and NS-records in the zone, using at least one of the DS-/DNSKEY-pairs.