DNSSEC closed environment

Mark Andrews marka at isc.org
Wed Jul 8 04:51:42 UTC 2009


In message <ce9bf7140907072142h7f279c85ub23f9777e3670670 at mail.gmail.com>, =?ISO
-8859-1?Q?Eduardo_J=FAnior?= writes:
> Hi,
> 
> 
> I want test dnssec in the closed environment and controled to get some
> information.
> 
> it's possible configure dnssec only between 2 name servers, first is
> the authoritative and second is the recurisve? The authoritative name
> server would have zones signed and the recursive will do querys and
> validation.

	Yes.
 
> It's enough put in my named.conf of the recursive name server the
> public key (trusted keys) of a zone signed in authoritative name
> server? And using dig (properly compiled and configured) makes
> requests to recursive  and validation occurs correctly?
> 
> Any reference?

	Just do it.  This is a basic island of trust setup.

> Thanks in advance,
> 
> -- =
> 
> Eduardo J=FAnior
> GNU/Linux user #423272
> 
> :wq
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the bind-users mailing list