DNSSEC
Tony Finch
dot at dotat.at
Wed May 9 19:16:11 UTC 2012
Gaurav Kansal <gaurav.kansal at nic.in> wrote:
> DNSSEC is done on Authoritative side.
Signing is done on authority servers. It's straightforward with
inline-signing mode, or if you maintain your zone with dynamic updates.
> Caching DNS only check whether that particular domain is signed or not,
> only if that caching DNS is designed to do so.
Validation is done on caches. In my experience validation is a pretty
untroublesome feature to enable, provided you aren't completely hammering
your name servers.
Tony.
--
f.anthony.n.finch <dot at dotat.at> http://dotat.at/
Hebrides: Northeasterly 4 or 5, increasing 5 to 7 except in northwest.
Moderate. Showers. Good.
More information about the bind-users
mailing list