On Sun, 2013-12-08 at 02:37 +0100, Karanbir Singh wrote: > hi, > > I think we have enough infra in place and can manage it well enough in > order to be able to sign the centos.org domain records; is there any > reason why we should not look at doing this ? > With signing I guess you mean DNSSec? I think the most important thing is that the solution is fully automated. DNSSec doesn't give much room for errors. What is your plan for key-rollovers? -- Sander