dnssec subzone not signed question
aclegg at isc.org
Thu Dec 23 02:02:02 UTC 2010
On 12/22/2010 6:49 PM, jim wrote:
> Sorry, still needing spoon fed.
No problem. You might be interested in a presentation that I gave at
NANOG earlier in the year:
> When you say DS record in the parent, would this be .example.edu
> <http://example.edu> or my parent .edu
> The end result is get example.edu <http://example.edu> as a dnssec
> secured zone by getting a DS record in .edu
> So it sounds like when I do upload the example.edu <http://example.edu>
> DS record to .edu, my subdomain.example.edu
> <http://subdomain.example.edu> will break, I will need to sign every
> zone inside example.edu <http://example.edu>?
Consider that right now, the root (.) is signed. There is a DS record in
(.) for edu, but there is not a DS record in edu for example.edu. You
don't have example.edu signed yet, but it continues to work.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 260 bytes
Desc: OpenPGP digital signature
More information about the bind-users