Free secondary servers supporting DNSSEC?

Mark Andrews marka at isc.org
Sun Feb 17 21:21:35 UTC 2013


In message <alpine.LSU.2.00.1302171800460.731 at hermes-1.csi.cam.ac.uk>, Tony Fin
ch writes:
> Vernon Schryver <vjs at rhyolite.com> wrote:
> >
> > How does a secondary authoritative DNS server fail to support DNSSEC?
> 
> A security-aware authoritative server has to support:
> 
> * EDNS0 and DO
> * RRSIG records alongside the RRsets they cover in responses
> * Special logic for DS in parent zones
> * NSEC or NSEC3 in negative and wildcard responses

Well that's been available for 8 years now.  Even Microsoft support
it in their servers.  NSEC3 support has been available for 4 years.
It's hard to find servers that don't support DNSSEC out of the box
these days.

> Tony.
> -- 
> f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
> Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first.
> Rough, becoming slight or moderate. Showers, rain at first. Moderate or good,
> occasionally poor at first.
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
>  from this list
> 
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org



More information about the bind-users mailing list