BIND and DNSSEC
alan at clegg.com
Thu Nov 1 11:08:10 UTC 2012
On Nov 1, 2012, at 3:02 AM, Kobus Bensch <kbensch at fullnet.co.uk> wrote:
> Thank you for this. Had a look and it seems fairly easy. Not sure if that is a flippant remark.
As the author of this document, I must say thanks. Deploying DNSSEC is not hard.
It's the care and feeding after-the-fact (key rollover) that you must be extremely careful with.
> A question: is implementing dnssec a good enough reason to abandon split horizon DNS?
I'd find any excuse to abandon views/split-horizon.
Alan Clegg | +1-919-355-8851 | alan at clegg.com
More information about the bind-users