Evan Hunt each at
Wed Nov 17 18:20:49 UTC 2010

> How would BIND sign a zone that is in a Database? Can BIND do this?
> ALL examples of using DNSSEC have been with flat files.

DNSSEC with SQL isn't supported in BIND 9 (yet?).  IIRC, it can return
signed responses for records that do exist, but it can't return proper
signed negative responses for records that don't.

BIND 10 does have a SQL data source that's fully DNSSEC compliant.  It's
not really production-ready yet, but you can check out the work in progress
if you like:

Evan Hunt -- each at
Internet Systems Consortium, Inc.

More information about the bind-users mailing list