Need guidance on configuring DNSSEC

Vishal Gandhi vgandhi at
Fri Oct 11 14:32:22 UTC 2013


We are using BIND v9.8.2.

Currently, we are setting up AD infrastructure for internal/local network.  We've configured one controller to be the primary for this local zone (fdu.local) for DNS queries.  Our primary DNS server (which indeed is a different server) is configured to hold this as a slave.  We would like configure DNSSEC and I am wondering where can we get this started from.

We are planning to sign local zone (fdu.local).  Is it required to sign the parent zone ( as well or we can live with it unsigned?
What are pros and cons of signing parent zone (

We've found information on signing zones on AD at least.  Can some one provide us steps to enable and configure DNSSEC for our domains.

Thanks in advance.
Vishal K. Gandhi
Systems Analyst/E-Mail Specialist
University Systems and Security
1000 River Road, Teaneck NJ 07666
Mail Stop: T-BH1-01
: 201-692-2414 |  : 201-692-2494 |  : vgandhi at
"Fairleigh Dickinson University will never
                                 ask for your password. Please do not share it with others!"

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the bind-users mailing list