DNSSEC domain and sub-domains

rod at iastate.edu rod at iastate.edu
Thu Apr 24 17:22:28 UTC 2014

On Apr 24, 2014, at 11:01 AM, Tony Finch <dot at dotat.at> wrote:

> rod at iastate.edu <rod at iastate.edu> wrote:
>> If we implement DNSSEC for iastate.edu, admin.iastate.edu and
>> its.iastate.edu, must DNSSEC be implemented for the delegated zones as
>> well?
> No, in exactly the same way that signing .edu does not mean iastate.edu
> has to be signed. If there are no DS records at the delegation point for
> cs.iastate.edu that means that cs.iastate.edu is insecure.
> Tony.
> -- 
> f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
> South Biscay: Easterly 4 or 5, veering westerly 5 to 7. Rough. Rain or
> showers. Good, occasionally poor.

I knew that, but I started to doubt what I knew. Thanks for the confirmation and setting my mind as ease.

Rod Eldridge
Network Infrastructure, Authentication, & Directory Services Team
Mac OS X Development Team
IT Services, Iowa State University of Science and Technology

More information about the bind-users mailing list