DNSSEC and split DNS

2013-10-23 Thread David Newman
What is the recommended practice for adding DNSSEC to an environment that currently uses split DNS? Apologies as I'm sure this has come up before, but most discussion I found on bind-users was from 1999, and this isn't covered in the ARM. I did find this draft (not RFC) from 2007, but even the au

Re: DNSSEC and split DNS

2013-10-23 Thread Mark Andrews
You sign all versions of the zone.

As for key management you can:

* use the same keys in all views which makes mobile device management simpler as there is no need to distribute keys. Validating from the root will work in all cases though the

Re: DNSSEC and split DNS

2013-10-23 Thread David Newman
On 10/23/13 4:28 PM, Mark Andrews wrote:
> You sign all versions of the zone.
>
> As for key management you can:
>
> * use the same keys in all views which makes mobile device
> management simpler as there is no need to distribute keys.
> Validating from the root

Re: DNSSEC and split DNS

2013-10-23 Thread Mark Andrews
In message <526857a2.8050...@networktest.com>, David Newman writes:
> On the surface, split DNS and DNSSEC have seemingly opposite goals: One
> seeks to provide different responses to queries for the same resource,
> and the other seeks to prevent it.

DNSSEC seeks to prevent *other parties* from

Re: DNSSEC and split DNS

2013-10-23 Thread Mark Andrews
In message <5268626c.8040...@networktest.com>, David Newman writes:
> On 10/23/13 4:28 PM, Mark Andrews wrote:
> > You sign all versions of the zone.
> >
> > As for key management you can:
> >
> > * use the same keys in all views which makes mobile device
> > management simpler