Mozilla.cz DNS is hosted on mozilla.org NS server whois mozilla.cz nsset: NSS:MMMOZILLADNS nserver: ns1.mozilla.org nserver: ns2.mozilla.org tech-c: SB:MARKMONITOR registrar: REG-ACTIVE24 CZ top domain is already signed host -t ds cz. cz has DS record 14568 10 2 ... and Mozilla.cz registrar (ACTIVE24) support DNSSEC "DNSSEC for already registered domain, which works on its own DNS servers, can be activated via the Customer Center. First, it is necessary to create a KEYSET object in the Customer Center and then editing the domain assigned this KEYSET to the domain."
Pavel, This is not going to be priority at this point, till we have mozilla.com and mozilla.net signed and working as expected. To roll out DNSSEC elsewhere (and to a larger subset of mozilla domains), we'll have to spend sometime looking at signers etc and how we can scale this in the long term. This will not happen in the immediate future, so I'm going to move this into projects.
I'm getting an error when attempting to add the DS record at our domain registrar - this work will be postponed. Failed to change dns keyset from:  to: [DnsSec keyTag=37623, algorithm=7, digestType=1, digest=7278F97BB4CF2CE1A0EAEDD3347785D5C3D8C42F, flags=null, publicKey=null] because: Error creating keyset for domain id: 828015 at the registry.
We cannot add dnssec support to .cz domains until the registrar starts supporting dnssec
Does MarkMonitor still not support DNSSEC for .CZ domains? I was unable to find any detailed information on their website.
Brian, can you please check if MarkMonitor still does not support DNSSEC for .CZ domains? I was unable to find any detailed information on their website.
(In reply to Michal Stanke (Mozilla.cz) [:MikkCZ] [away until Sep 10] from comment #5) > Brian, can you please check if MarkMonitor still does not support DNSSEC for > .CZ domains? I was unable to find any detailed information on their website. :MikkCZ Unfortunately this is no longer on my road map for this year, let's revisit this in 2016Q1 unless there is something I am missing.
HI. The four month fled like water. Are we manage to do this in Q1? I would like to implement Let's Encrypt HTTPS as well, once our hosting provider supports it (hopefully soon), so having both in Q1 would be great achievement.
(In reply to Michal Stanke (Mozilla.cz) [:MikkCZ] from comment #8) > :digi, ping? Hi Michal, Sorry for the delay in getting back to you. We are not looking to implement DNSSEC on any additional domains, and we're going to roll DNSSEC back on mozilla.com. We have records being signed at our DNS servers, but the DS record at our registrar was never added and we have some limitations on our side that will prevent us from moving forward.