benjo11111 at gmail.com
Wed May 9 20:11:23 UTC 2012
How's your experience with DNSSEC while using it with caching dns and
authoritative dns ?
If we are using DNSSEC enable with caching resolver, and remote domain
is not DNSSEC enabled so in that case , do we face any problem, means
any failure or something?
> Gaurav Kansal<gaurav.kansal at nic.in> wrote:
>> DNSSEC is done on Authoritative side.
> Signing is done on authority servers. It's straightforward with
> inline-signing mode, or if you maintain your zone with dynamic updates.
>> Caching DNS only check whether that particular domain is signed or not,
>> only if that caching DNS is designed to do so.
> Validation is done on caches. In my experience validation is a pretty
> untroublesome feature to enable, provided you aren't completely hammering
> your name servers.
More information about the bind-users