DNSSEC and child zones on same authoritative NS. Expert help needed.
Sam Wilson
Sam.Wilson at ed.ac.uk
Tue Mar 16 17:53:07 UTC 2010
In article <mailman.828.1268758483.21153.bind-users at lists.isc.org>,
Gary Wallis <wgg1970 at gmail.com> wrote:
> Sam Wilson wrote:
> > In article <mailman.814.1268703621.21153.bind-users at lists.isc.org>,
> > Gary Wallis <wgg1970 at gmail.com> wrote:
> >
> >> Let's say I have this setup :
> >>
> >> BIND 9.4 named.conf includes a master.zones file with the following:
> >>
> >> ...
> >> zone "ns1.yourdomain.com" {
> >> type master;
> >> file "master/external/n/ns1.yourdomain.com.signed";
> >> };
> >>
> >> zone "ns2.yourdomain.com" {
> >> type master;
> >> file "master/external/n/ns2.yourdomain.com.signed";
> >> };
> >>
> >> zone "yourdomain.com" {
> >> type master;
> >> file "master/external/y/yourdomain.com.signed";
> >> };
> >> ...
> >>
> >> More background for question below:
> >>
> >> The yourdomain.com is I gather the zone APEX for all featured zones
> >> above. (Is this the correct use of the term APEX?)
> >
> > "Parent", as Mark has already pointed out.
>
> Got that :)
>
> I would be nice to know what a zone apex is since what I have found on
> the web so far is pretty self-referential.
The zone apex is the name of the zone. It will always have SOA and NS
records at that point and in DNS Classic[tm] may, but need not, have
other records as well (MX and A are common). DNSSEC brings other RRs to
the party at the apex.
Sam
More information about the bind-users
mailing list