Bind 9.5.0-P2, DNSSEC and /dev/random
Alan Clegg
Alan_Clegg at isc.org
Mon Sep 1 01:43:59 UTC 2008
Michael wrote:
>> SSL certificates are valid for multiple years and they use
>> the same crypto. They are also simpler to use at this point
>> in time. Buy and copy into place.
>
> So for the domain name "networkstuff.co.nz", I would need to buy a certificate
> for "networkstuff.co.nz" or would it need to be a wildcard certificate?
> ie: "*.networkstuff.co.nz" as these are expensive...
It depends on what you are trying to do...
SSL certificates are not used in DNSSEC, so if you are talking about "to
deploy DNSSEC", then the answer is NO.
If you are trying to secure your http, pop, imap, etc. sessions, and a
self-signed certificate is not enough then yes, you need to buy a
"certificate"
AlanC
More information about the bind-users
mailing list