DNSSEC

Chris Thompson cet1 at cam.ac.uk
Wed Sep 30 14:49:35 UTC 2009


On Sep 30 2009, Mark Andrews wrote:

>In message <Prayer.1.3.2.0909291446310.21208 at hermes-1.csi.cam.ac.uk>,
> Chris Thompson writes:
>> DNSSEC certainly adds to the aggravation of having lots of piddling little
>> reverse zones. Some people may just decide not to bother signing reverse
>> zones ("reverse lookup results should only be treated as a hint, anyway").
>
>DNSSEC makes no difference to the count of reverse zones unless you
>are depending on the nameserver filtering out records that shouldn't
>be loaded into a zone.

Of course it doesn't affect the number of reverse zones. But if you already
have more of them than you want, managing keys for each of them is that much
extra hassle.

But maybe BIND 9.7 will make key management such a doddle that we won't care ...

-- 
Chris Thompson
Email: cet1 at cam.ac.uk



More information about the bind-users mailing list