DNSSEC NS record delegation
Mark Andrews
marka at isc.org
Tue Jul 28 19:53:17 UTC 2009
In message <15AEACF110417C4B9D6186FE81FBF2D9091E03E2 at HQ-MBX-03.ba.ad.ssa.gov>,
"Khuu, Linh MicroTech" writes:
>
> Hi,
>
> I have question about the DNSSEC NS record.
>
> We have the parent zone, for example, example.net being signed with DNSSEC.
> We have a child zone test.example.net delegating to glbl.example.net as NS
> record. glbl.example.net is not a DNSSEC. Will nslookup for anything in te
> st.example.net fail?
No. The servers for a signed zone need to be DNSSEC aware. The
servers for a unsigned zone do not need to be DNSSEC aware. As
test.example.net is unsigned the servers for it do not need to be
DNSSEC aware.
Mark
> Linh Khuu
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list