Free secondary servers supporting DNSSEC?

Tony Finch dot at dotat.at
Sun Feb 17 18:08:33 UTC 2013


Vernon Schryver <vjs at rhyolite.com> wrote:
>
> How does a secondary authoritative DNS server fail to support DNSSEC?

A security-aware authoritative server has to support:

* EDNS0 and DO
* RRSIG records alongside the RRsets they cover in responses
* Special logic for DS in parent zones
* NSEC or NSEC3 in negative and wildcard responses

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
occasionally poor at first.



More information about the bind-users mailing list