DNSSEC NS record delegation
Mark Andrews
marka at isc.org
Tue Jul 28 19:56:52 UTC 2009
Mark Andrews writes:
>
> In message <15AEACF110417C4B9D6186FE81FBF2D9091E03E2 at HQ-MBX-03.ba.ad.ssa.gov>
> ,
> "Khuu, Linh MicroTech" writes:
> >
> > Hi,
> >
> > I have question about the DNSSEC NS record.
> >
> > We have the parent zone, for example, example.net being signed with DNSSEC.
> > We have a child zone test.example.net delegating to glbl.example.net as NS
> > record. glbl.example.net is not a DNSSEC. Will nslookup for anything in te
> > st.example.net fail?
>
> No. The servers for a signed zone need to be DNSSEC aware. The
> servers for a unsigned zone do not need to be DNSSEC aware. As
> test.example.net is unsigned the servers for it do not need to be
> DNSSEC aware.
On re-reading you didn't supply enough information to determine
a yes or no answer. You should however be able to work the answer
out with the information above.
Mark
> Mark
>
> > Linh Khuu
>
>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list