Free secondary servers supporting DNSSEC?
Vernon Schryver
vjs at rhyolite.com
Sun Feb 17 14:44:09 UTC 2013
> From: Robert Moskowitz <rgm at htt-consult.com>
> One of my secondaries, though, does not support DNSSEC
How does a secondary authoritative DNS server fail to support DNSSEC?
It's not as if it would be doing any signature checking or automagic
(re)signing. Does it not tolerate the not at all new RRSIG and
NSEC or NSEC3 record types? Or does not not haves EDNS support?
In any case, some naming and shaming seems appropriate. Basic
DNSSEC support (i.e. maybe not yet TLSA or SMIMEA) is a fundamental
checklist item today.
Vernon Schryver vjs at rhyolite.com
More information about the bind-users
mailing list