Hi folks!
We have the majority of our domains registered in Route 53 along with corresponding hosted zones. All are enabled for DNSSEC and work fine.
We have one .it domain that AWS lists as 'Not supported' for DNSSEC, however I do not believe this to be true.
If I check https://dnssec-analyzer.verisignlabs.com/ then the .IT root zone is shown as having the correct DS and DNSKEY records so does appear to be fully supported. Map data from https://www.internetsociety.org/deploy360/dnssec/maps/ also agrees.
Has anyone had any experience with getting .IT domain enabled for DNSSEC on Route 53? I have been able to create the DNSKEY records using Route 53 without issue but cannot complete the deployment due to the 'Not supported' blocker. I can raise a ticket to support but wanted to check here first.