DNSSEC signing of an internal zone gains nothing (unless??)

Grant Taylor gtaylor at tnetconsulting.net
Mon Aug 1 18:03:55 UTC 2022


On 8/1/22 11:51 AM, John W. Blue via bind-users wrote:
> However, the intent of the thread is to talk about the lack of an 
> AD flag from a non-public internal authoritative server.  Based upon 
> what I am seeing only the AA flag is set.

There are multiple reasons to sign zones.  The existence of the AD flag 
is only one of them.

IM(NS)HO, the lack of an AD flag from an authoritative server is not in 
and of itself a reason to not sign zones; internal or otherwise.



-- 
Grant. . . .
unix || die
