Bind 9.5.0-P2, DNSSEC and /dev/random
Alan Clegg
Alan_Clegg at isc.org
Mon Sep 1 01:57:48 UTC 2008
Michael wrote:
>> It depends on what you are trying to do...
>>
>> SSL certificates are not used in DNSSEC, so if you are talking about "to
>> deploy DNSSEC", then the answer is NO.
>>
>> If you are trying to secure your http, pop, imap, etc. sessions, and a
>> self-signed certificate is not enough then yes, you need to buy a
>> "certificate"
>
> I'm talking about DNS SEC (signed zones)... so in other words I can't sign a
> zone with a CA issued certificate.
Signing a zone and doing SSL are two different things, both using
cryptography (and the associated mathematics), but are not done in the
same way.
I recommend that you take a look at:
http://www.nlnetlabs.nl/dnssec_howto/
AlanC
More information about the bind-users
mailing list