Secure Split DNS thought.

Ted_Rule at Ted_Rule at
Mon Nov 15 18:51:18 UTC 1999

A question which will no doubt arise in future with the more widespread adoption
of DNSSEC........

If I have a split DNS configuration with a "" tree and perhaps
subtrees visible to
the internet as well as a "" tree and perhaps a DIFFERENT set of
subtrees visible
to the internal company network..... ( where, most likely, the internally
visible tree is a superset of the
externally visible tree )

     Should I use the same DNSSEC KEYs on any given label/RRset
          which is visible in both the internal and external domains?

     Can I use different ones?

     Do any conflicts arise?

     Do any issues arise with those pesky NXT records as between the different

     Is use of a different KEY set internally preferred, so that compromise of
the external KEY set
     doesn't potentially compromise the internal tree?

Ted Rule,
Flextech Television

This E-mail message, (including any attachments), is intended
only for the person or entity to which it is addressed,
and may contain confidential information.

If you are not the intended recipient, any review, retransmission,
disclosure, copying, modification or other use of this E-mail message
or attachments is strictly forbidden.

If you have received this E-mail message in error, please contact the
author and delete the message and any attachments from your computer.

You are also advised that the views and opinions expressed in this E-mail
message and any attachments are the author's own, and may not reflect the
views and opinions of FLEXTECH Television.

More information about the bind-users mailing list