Michael Smith smitit at gmail.com
Mon Nov 27 23:10:41 UTC 2006

How do I preserve the chain of trust if I happen to run 2 zones within
the same DNS server with DNSSEC (running Bind 9.3.3)

zone 1: example.com (signed with a KSK)
zone 2: myzone.example.com (signed with a KSK)

Do I need to include anything on the "example.com" zone in order to
enable the trust? Or, do I need to sign the example.com zone with
another parameter?

Do I need to add the DS RR record with something like "$include
dsset-myzone.example.com" on the "example.com" zone?


More information about the bind-users mailing list