DNSSEC and secondary DNS servers
Grant Taylor
gtaylor at tnetconsulting.net
Sat Sep 8 16:18:45 UTC 2018
On 09/08/2018 07:58 AM, @lbutlr wrote:
> what do I need to do for other DNS servers?
I don't think you need to do anything special.
The zone signatures come form and are managed by the master name server.
The secondary name server(s) is (are) just additional servers with
copies of the zone.
You /might/ want to look at something to ensure that the zone is not
corrupted during the typical slave process. (New mirror zones come to
mind, but I don't know enough about them.)
I know that I've been running DNSSEC on my zones for years and have
never done anything special on the slave DNS servers. Some of which are
even hosted by other companies that I wouldn't give any DNSSEC keying
material to. (Besides, they don't offer anything like that.)
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3982 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20180908/30fbcd87/attachment.bin>
More information about the bind-users
mailing list