Hi,
How's your experience with DNSSEC while using it with caching dns and
authoritative dns ?
If we are using DNSSEC enable with caching resolver, and remote domain
is not DNSSEC enabled so in that case , do we face any problem, means
any failure or something?
Regards,
Ben
Gaurav Kansal<gaurav.kan...@nic.in> wrote:
DNSSEC is done on Authoritative side.
Signing is done on authority servers. It's straightforward with
inline-signing mode, or if you maintain your zone with dynamic updates.
Caching DNS only check whether that particular domain is signed or not,
only if that caching DNS is designed to do so.
Validation is done on caches. In my experience validation is a pretty
untroublesome feature to enable, provided you aren't completely hammering
your name servers.
Tony.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
