How to alias a domain
Graham Clinch
g.clinch at lancaster.ac.uk
Fri Jan 16 16:13:41 UTC 2015

On 16/01/2015 15:36, John wrote:
> DNAME will not work with DNSSEC.
> DNAME only works with the sub-tree, while DNSSEC is at the domain level.
>
> Taking the example:
> klam.biz IN DNAME klam.com
>
> DNSSEC will try to find keys for klam.biz NOT klam.com, which results in
> DNSSEC failure.

DNAME and DNSSEC certainly do work together - take a look at
http://dnsviz.net/d/www.lancaster.ac.uk/dnssec/

The klam.biz zone would need to be signed (I suppose you could use the
same key material as for klam.com, but I am not sure what benefit that
would bring) and biz to provide DS records, but there's nothing special
there from a DNSSEC point of view.

74.116.186.178 (one of two nameservers for klam.biz) is currently
returning SERVFAIL to my queries regarding klam.biz, which may be
obscuring the real problem.

Graham
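
Added example (not part of the original message, and not BIND code): a sketch of DNAME substitution as specified in RFC 6672, showing which zone signs each step when a name under klam.biz is redirected to klam.com. It goes slightly beyond the thread by also covering the owner name itself and over-long names. The function names are hypothetical, and it assumes both names are zone apexes, as in the thread.

```python
# Added illustration: DNAME substitution (RFC 6672) and where signatures come from.
MAX_NAME_OCTETS = 255  # wire-format limit on a domain name


def labels(name):
    """Split a name into lower-cased labels, ignoring a trailing dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]


def wire_length(lbls):
    """One length octet per label, plus the terminating root label."""
    return sum(len(l) + 1 for l in lbls) + 1


def synthesize_cname(qname, owner, target):
    """Return the CNAME target a DNAME at `owner` yields for `qname`, or None.

    A DNAME redirects only names strictly below its owner; the owner
    name itself is not redirected.
    """
    q, o, t = labels(qname), labels(owner), labels(target)
    k = len(q) - len(o)
    if k <= 0 or q[k:] != o:
        return None  # the owner itself, or a name outside the subtree
    new = q[:k] + t
    if wire_length(new) > MAX_NAME_OCTETS:
        raise ValueError("YXDOMAIN: substituted name exceeds 255 octets")
    return ".".join(new) + "."


def validation_steps(qname, owner, target):
    """List (rrset, signing zone) pairs a validator works through."""
    cname = synthesize_cname(qname, owner, target)
    if cname is None:
        return []
    return [
        (f"{owner} DNAME", owner),    # RRSIG made with the owner zone's own keys
        (f"{qname} CNAME", None),     # synthesized, unsigned; validator re-derives it
        (f"{cname} answer", target),  # validated through the target zone's own chain
    ]


if __name__ == "__main__":
    for step in validation_steps("www.klam.biz", "klam.biz", "klam.com"):
        print(step)
```

The DNAME RRset is signed in klam.biz, so the validator needs the biz DS and klam.biz DNSKEY for that step and the klam.com chain only for the final answer.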