On 8/9/15 12:38 AM, Heiko Richter wrote:
Using the same domain with two seperate contents is just bad practice. And when you decide to use DNSSec sometime in the future it will leave your home network inoperable, because the trust delegations won't work anymore.
Since the OP is the RP for the mydomain.co.nz zone, wouldn't s/he have access to the ZSK / KSK used externally and thus re-use them internally? I would think that this could be made to work as far as DNSSEC is concerned. (I'm FAR from a DNSSEC expert.)
Even if BIND is managing the zone signing for the OP and the internal and external ""views got out of sync with each other, I would think that they would still both validate because they would share the same ZSK (?) in the parent zone (read: registrar). Is this not the case?
Consider this me, an ignorant ... asking for an accademic discussion about this (mis)use of ""views. (Yes, I know that I'm abusing the term "view". Though arguably proper views could be used to accomplish the same thing.)
-- Grant. . . . unix || die _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
