Ben benjo11111 at gmail.com
Wed May 9 20:11:23 UTC 2012


How's your experience with DNSSEC while using it with caching dns and 
authoritative dns ?

If we are using DNSSEC enable with caching resolver, and remote domain 
is not DNSSEC enabled so in that case , do we face any problem,  means 
any failure or something?

> Gaurav Kansal<gaurav.kansal at nic.in>  wrote:
>> DNSSEC is done on Authoritative side.
> Signing is done on authority servers. It's straightforward with
> inline-signing mode, or if you maintain your zone with dynamic updates.
>> Caching DNS only check whether that particular domain is signed or not,
>> only if that caching DNS is designed to do so.
> Validation is done on caches. In my experience validation is a pretty
> untroublesome feature to enable, provided you aren't completely hammering
> your name servers.
> Tony.

More information about the bind-users mailing list