DNSSEC and split DNS

Mark Andrews marka at isc.org
Thu Oct 24 00:04:07 UTC 2013

In message <526857A2.8050405 at networktest.com>, David Newman writes:
> On the surface, split DNS and DNSSEC have seemingly opposite goals: One
> seeks to provide different responses to queries for the same resource,
> and the other seeks to prevent it.

DNSSEC seeks to prevent *other parties* from injecting in false

With split DNS while the data presented to different clients differs
it is still true data coming from the owner of the data.

Split DNS is no different to having a single zone.  Updating it on
every query based on the address the query came from then returning
the response.

> Is there some way of reconciling these?
> Thanks
> dn
> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the bind-users mailing list