Thank you for all of the responses, I really appreciate it. Clearly the
best approach is to sign the internal tld, but at the moment I can't do that
because I would need new internal servers, ours don't support dnssec.
I configured it as a slave and it's working. Thanks!
Maria
On Tue, Aug 20, 20
In message <20130820221524.ga24...@iano.org>, Maria writes:
> My company uses a private tld. We are working on fixing that but the fix is
> going to take a while, especially if our sol
> ution ends up being trying to register it with icann.
>
> Our resolvers that all internet queries go through
DNSSEC sign the private TLD and configure its KSK as a trust anchor on the
recursive resolvers.
Alternatively, you can configure all your recursive resolvers as slaves for
the private zone. Authoritative responses aren't validated on a mixed
authoritative/recursive nameserver.
Those are the only
On Aug 20, 2013, at 6:15 PM, Maria wrote:
> My company uses a private tld. We are working on fixing that but the fix is
> going to take a while, especially if our solution ends up being trying to
> register it with icann.
>
> Our resolvers that all internet queries go through have a forward z
4 matches
Mail list logo
