Gaurav Kansal <gaurav.kan...@nic.in> wrote: > DNSSEC is done on Authoritative side.
Signing is done on authority servers. It's straightforward with inline-signing mode, or if you maintain your zone with dynamic updates. > Caching DNS only check whether that particular domain is signed or not, > only if that caching DNS is designed to do so. Validation is done on caches. In my experience validation is a pretty untroublesome feature to enable, provided you aren't completely hammering your name servers. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ Hebrides: Northeasterly 4 or 5, increasing 5 to 7 except in northwest. Moderate. Showers. Good. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users