Gaurav Kansal <gaurav.kan...@nic.in> wrote:

> DNSSEC is done on Authoritative side.

Signing is done on authority servers. It's straightforward with
inline-signing mode, or if you maintain your zone with dynamic updates.

> Caching DNS only check whether that particular domain is signed or not,
> only if that caching DNS is designed to do so.

Validation is done on caches. In my experience validation is a pretty
untroublesome feature to enable, provided you aren't completely hammering
your name servers.

Tony.
-- 
f.anthony.n.finch  <d...@dotat.at>  http://dotat.at/
Hebrides: Northeasterly 4 or 5, increasing 5 to 7 except in northwest.
Moderate. Showers. Good.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to