DNSSEC and forward zones
lyle at lcrcomputer.net
Tue Nov 1 20:16:47 UTC 2011
On 11/1/2011 3:00 PM, Phil Mayers wrote:
> On 11/01/2011 06:24 PM, Lyle Giese wrote:
>> A work-around (and it has some side effects and could be undesirable,
>> just be aware of the side effects of doing this) is to declare .internal
>> as a master zone in your DNS servers and then delegate
>> policydomain.internal to your Windows AD servers in your .internal zone.
> I was about to suggest trying that, but wasn't sure how it would
> interact with DNSSEC; any ideas?
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to
> unsubscribe from this list
> bind-users mailing list
> bind-users at lists.isc.org
When you declare yourself as Master, then the zone starts here and it
doesn't ask the 'parent' for the keys for the zone. Since you won't
sign it as I assume the AD zone is not signed and is only for internal
use, you will be good.
LCR Computer Services, Inc.
More information about the bind-users