if any, on an
internal caching-only nameserver where DNSSEC and split DNS are in use.
In this case, per your guidance there are two versions of some zones,
with the internal version using delegation and the external not.
The only way I can think of is to allow recursion on authoritative
s
In message <526eba87.7040...@networktest.com>, David Newman writes:
>
> > 3. Another internal nameserver gets intermittent dig +dnssec errors on
> > queries for internal resources. Sometimes after a restart, the result is
> > NOERROR and other times it's NXDOMAIN or SERVFAIL.
Inconsistant use of
On 10/25/13 6:11 PM, David Newman wrote:
>
>
> On 10/23/13 5:20 PM, Mark Andrews wrote:
>> In message <5268626c.8040...@networktest.com>, David Newman writes:
>>> On 10/23/13 4:28 PM, Mark Andrews wrote:
You sign all versions of the zone.
As for key management you can:
>
On 10/23/13 5:20 PM, Mark Andrews wrote:
> In message <5268626c.8040...@networktest.com>, David Newman writes:
>> On 10/23/13 4:28 PM, Mark Andrews wrote:
>>> You sign all versions of the zone.
>>>
>>> As for key management you can:
>>>
>>> * use the same keys in all views which makes
In message <5268626c.8040...@networktest.com>, David Newman writes:
> On 10/23/13 4:28 PM, Mark Andrews wrote:
> > You sign all versions of the zone.
> >
> > As for key management you can:
> >
> > * use the same keys in all views which makes mobile device
> > management simpler
In message <526857a2.8050...@networktest.com>, David Newman writes:
> On the surface, split DNS and DNSSEC have seemingly opposite goals: One
> seeks to provide different responses to queries for the same resource,
> and the other seeks to prevent it.
DNSSEC seeks to prevent *other parties* from
On 10/23/13 4:28 PM, Mark Andrews wrote:
> You sign all versions of the zone.
>
> As for key management you can:
>
> * use the same keys in all views which makes mobile device
> management simpler as there is no need to distribute keys.
> Validating from the root
You sign all versions of the zone.
As for key management you can:
* use the same keys in all views which makes mobile device
management simpler as there is no need to distribute keys.
Validating from the root will work in all cases though
the
What is the recommended practice for adding DNSSEC to an environment
that currently uses split DNS?
Apologies as I'm sure this has come up before, but most discussion I
found on bind-users was from 1999, and this isn't covered in the ARM.
I did find this draft (not RFC) from 2007, but even the au
9 matches
Mail list logo
