DNSSEC enabling second level domains
Dave Clark
bind-users at dollardns.net
Mon Jul 25 17:07:50 UTC 2005
I just wanted to confirm something. I read this in the BIND 9.3.1 manual:
"There must also be communication with the administrators of the parent
and/or child zone to transmit keys. A zone's security status must be
indicated by the parent zone for a DNSSEC capable resolver to trust its
data. This is done through the presence or absence of a DS record at the
delegation point."
Does this mean that domains like 'dollardns.net' cannot be DNSSEC
secured unless the GTLD servers have a DS record for my domain? It would
seem to be kind of a hassle to have to individually secure subzones like
www.dollardns.net and mail.dollardns.net etc - and I haven't heard of any
processes by which you can add DS records to TLD name servers. Is securing
second level domains feasible?
Dave
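
Added example, not part of the original post or of BIND: a Python sketch of the rule in the quoted manual passage, showing how the DS record set at the delegation point determines whether a validating resolver treats the child zone as secure, insecure or bogus. The key material is constructed, and the sketch assumes the DS answer (or its absence) from the parent has already been authenticated and leaves out RRSIG verification.

```python
import hashlib
import struct

def wire_name(name: str) -> bytes:
    """Canonical (lowercase) wire form of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags: int, algorithm: int, public_key: bytes) -> bytes:
    """DNSKEY RDATA: flags(2) | protocol(1, always 3) | algorithm(1) | key."""
    return struct.pack("!HBB", flags, 3, algorithm) + public_key

def key_tag(rdata: bytes) -> int:
    """Key tag over the DNSKEY RDATA (RFC 4034 Appendix B, algorithms other than 1)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def make_ds(owner: str, rdata: bytes, digest_type: int = 2):
    """DS = (key tag, algorithm, digest type, H(owner wire name | DNSKEY RDATA))."""
    h = {1: hashlib.sha1, 2: hashlib.sha256}[digest_type]
    digest = h(wire_name(owner) + rdata).hexdigest().upper()
    return (key_tag(rdata), rdata[3], digest_type, digest)

def delegation_status(owner, parent_ds, child_dnskeys):
    """Classify a delegation from the parent's DS set and the child's DNSKEY set."""
    if not parent_ds:
        # Assumption: the parent's "no DS here" answer was itself validated.
        return "insecure"        # child is treated as an unsigned zone
    for ds in parent_ds:
        for rdata in child_dnskeys:
            if make_ds(owner, rdata, ds[2]) == ds:
                return "secure"  # a DS in the parent matches a key in the child
    return "bogus"               # DS present, but no child key matches it

# Constructed sample keys (not real key material); 257 = KSK flags, 5 = RSASHA1.
KSK = dnskey_rdata(257, 5, bytes(range(64)))
OTHER = dnskey_rdata(257, 5, bytes(range(1, 65)))

if __name__ == "__main__":
    zone = "dollardns.net"
    print(delegation_status(zone, [make_ds(zone, KSK)], [KSK]))
    print(delegation_status(zone, [], [KSK]))
    print(delegation_status(zone, [make_ds(zone, OTHER)], [KSK]))
```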