dnssec subzone not signed question
Alan Clegg
aclegg at isc.org
Thu Dec 23 02:02:02 UTC 2010
On 12/22/2010 6:49 PM, jim wrote:
> Sorry, still needing spoon fed.
No problem. You might be interested in a presentation that I gave at
NANOG earlier in the year:
ftp://ftp.isc.org/isc/pubs/pres/NANOG/50/DNSSEC-NANOG50.pdf
> When you say DS record in the parent, would this be .example.edu
> <http://example.edu> or my parent .edu
>
> The end result is get example.edu <http://example.edu> as a dnssec
> secured zone by getting a DS record in .edu
>
> So it sounds like when I do upload the example.edu <http://example.edu>
> DS record to .edu, my subdomain.example.edu
> <http://subdomain.example.edu> will break, I will need to sign every
> zone inside example.edu <http://example.edu>?
Consider that right now, the root (.) is signed. There is a DS record in
(.) for edu, but there is not a DS record in edu for example.edu. You
don't have example.edu signed yet, but it continues to work.
AlanC
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20101222/3257f6db/attachment.bin>
More information about the bind-users
mailing list