DNSSEC domain and sub-domains
rod at iastate.edu
rod at iastate.edu
Thu Apr 24 17:22:28 UTC 2014
On Apr 24, 2014, at 11:01 AM, Tony Finch <dot at dotat.at> wrote:
> rod at iastate.edu <rod at iastate.edu> wrote:
>
>> If we implement DNSSEC for iastate.edu, admin.iastate.edu and
>> its.iastate.edu, must DNSSEC be implemented for the delegated zones as
>> well?
>
> No, in exactly the same way that signing .edu does not mean iastate.edu
> has to be signed. If there are no DS records at the delegation point for
> cs.iastate.edu that means that cs.iastate.edu is insecure.
>
> Tony.
> --
> f.anthony.n.finch <dot at dotat.at> http://dotat.at/
> South Biscay: Easterly 4 or 5, veering westerly 5 to 7. Rough. Rain or
> showers. Good, occasionally poor.
I knew that, but I started to doubt what I knew. Thanks for the confirmation and setting my mind as ease.
--
Rod Eldridge
Network Infrastructure, Authentication, & Directory Services Team
Mac OS X Development Team
IT Services, Iowa State University of Science and Technology
More information about the bind-users
mailing list