On Sat, 22 Jan 2011, JINMEI Tatuya / 神明達哉 wrote:
Does this work with DNSSEC if one loads an explicit trust anchor, even
if in the "world view" the trust anchor is missing?
I'm afraid I don't understand the question. Could you be more
specific, e.g., by using the above example.com example?
I think Paul is wondering if it works with the DENIC testbed. 8-)
The forward hack does not work reliable for DNSSEC islands, IIRC.
(I still don't understand what exactly "it works with the DENIC
testbed" means in the context of the original question of Paul, but)
If so, I believe the answer is yes. static-stub was developed
specifically for that purpose (although the feature itself is generic
and would be useful for other purposes) :-)
I meant, if you have a zone example.tld. And tld. is not signed, but
you have a testbed for a signed tld. at IP 1.2.3.4, if static-stub
would allow you to configure a resolving bind to perform DNSSEC on
1.2.3.4 with a loaded trusted-key. So yes, the "de" (or "ca") testbed
hook.
Paul
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
