DNSSEC and secondary DNS servers

Grant Taylor gtaylor at tnetconsulting.net
Sat Sep 8 16:18:45 UTC 2018

On 09/08/2018 07:58 AM, @lbutlr wrote:
> what do I need to do for other DNS servers?

I don't think you need to do anything special.

The zone signatures come form and are managed by the master name server. 
  The secondary name server(s) is (are) just additional servers with 
copies of the zone.

You /might/ want to look at something to ensure that the zone is not 
corrupted during the typical slave process.  (New mirror zones come to 
mind, but I don't know enough about them.)

I know that I've been running DNSSEC on my zones for years and have 
never done anything special on the slave DNS servers.  Some of which are 
even hosted by other companies that I wouldn't give any DNSSEC keying 
material to.  (Besides, they don't offer anything like that.)

Grant. . . .
unix || die

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3982 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20180908/30fbcd87/attachment.bin>

More information about the bind-users mailing list