BIND 9.8.0b1 Released Today
Paul Wouters
paul at xelerance.com
Mon Jan 24 14:54:34 UTC 2011
On Sat, 22 Jan 2011, JINMEI Tatuya / 神明達哉 wrote:
>>>> Does this work with DNSSEC if one loads an explicit trust anchor, even
>>>> if in the "world view" the trust anchor is missing?
>>>
>>> I'm afraid I don't understand the question. Could you be more
>>> specific, e.g., by using the above example.com example?
>>
>> I think Paul is wondering if it works with the DENIC testbed. 8-)
>> The forward hack does not work reliable for DNSSEC islands, IIRC.
>
> (I still don't understand what exactly "it works with the DENIC
> testbed" means in the context of the original question of Paul, but)
> If so, I believe the answer is yes. static-stub was developed
> specifically for that purpose (although the feature itself is generic
> and would be useful for other purposes) :-)
I meant, if you have a zone example.tld. And tld. is not signed, but
you have a testbed for a signed tld. at IP 1.2.3.4, if static-stub
would allow you to configure a resolving bind to perform DNSSEC on
1.2.3.4 with a loaded trusted-key. So yes, the "de" (or "ca") testbed
hook.
Paul
More information about the bind-users
mailing list