DNSSEC
David Miller
dmiller at tiggee.com
Sat May 1 01:38:22 UTC 2010
I assume that you are asking about providing authoritative DNS for
example.com.
Should you deploy DNSSEC? Yes, if you want your query responses to be
validated by DNSSEC resolvers.
Does this have anything to do with the DNSSEC signing of the root
domain? No, not really. Unless your TLD's name servers will also be
signed and your domain registrar will support loading your key(s) into
your TLD's name servers, then you will still need to use DLV (regardless
of whether the root is signed or not).
In other words "in the absence of a fully signed path from root to a
zone" you will need DLV to use DNSSEC" Quote from: https://dlv.isc.org/
-DM
On 4/30/2010 8:57 PM, Jeff Pang wrote:
> Hello,
>
> Since the global root DNS servers have deployed dnssec, as a
> hostmaster for the common domain like example.com, should we also
> deploy dnssec with named? Thanks.
>
> Regards.
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
>
More information about the bind-users
mailing list