Subdomain DNSSEC
Michael Dahlberg
olgamirth at gmail.com
Mon Aug 28 16:06:23 UTC 2017
My apologies if this question has an easily discoverable answer but my
google-fu seems to be failing me today.
If a domain is signed, is it possible to delegate a subdomain to a 3rd
party who is unable to sign that subdomain? For example, I own example.com
and its signed. I'd like to delegate subdomain.example.com to a 3rd party
that uses Amazon Route53 and therefore can't sign subdomain.example.com.
My understanding, and this may be incorrect, is that if a client's resolver
verifies signatures, then any resolution of subdomain.example.com would
result in an error because there would not be a valid signature for each
node in subdomain.example.com. As I said, I may be incorrect here.
Thanks for any and all comments.
Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20170828/9ca79ba8/attachment.html>
More information about the bind-users
mailing list