DNSSEC closed environment
Mark Andrews
marka at isc.org
Wed Jul 8 04:51:42 UTC 2009
In message <ce9bf7140907072142h7f279c85ub23f9777e3670670 at mail.gmail.com>, =?ISO
-8859-1?Q?Eduardo_J=FAnior?= writes:
> Hi,
>
>
> I want test dnssec in the closed environment and controled to get some
> information.
>
> it's possible configure dnssec only between 2 name servers, first is
> the authoritative and second is the recurisve? The authoritative name
> server would have zones signed and the recursive will do querys and
> validation.
Yes.
> It's enough put in my named.conf of the recursive name server the
> public key (trusted keys) of a zone signed in authoritative name
> server? And using dig (properly compiled and configured) makes
> requests to recursive and validation occurs correctly?
>
> Any reference?
Just do it. This is a basic island of trust setup.
> Thanks in advance,
>
> -- =
>
> Eduardo J=FAnior
> GNU/Linux user #423272
>
> :wq
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list