On 12/22/2010 6:49 PM, jim wrote: > Sorry, still needing spoon fed.
No problem. You might be interested in a presentation that I gave at NANOG earlier in the year: ftp://ftp.isc.org/isc/pubs/pres/NANOG/50/DNSSEC-NANOG50.pdf > When you say DS record in the parent, would this be .example.edu > <http://example.edu> or my parent .edu > > The end result is get example.edu <http://example.edu> as a dnssec > secured zone by getting a DS record in .edu > > So it sounds like when I do upload the example.edu <http://example.edu> > DS record to .edu, my subdomain.example.edu > <http://subdomain.example.edu> will break, I will need to sign every > zone inside example.edu <http://example.edu>? Consider that right now, the root (.) is signed. There is a DS record in (.) for edu, but there is not a DS record in edu for example.edu. You don't have example.edu signed yet, but it continues to work. AlanC
signature.asc
Description: OpenPGP digital signature
_______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
