Hello
On 26 Feb 2019, at 5:43, Asanka Gunasekara wrote:
I'm sure this is a pretty dumb question but my knowledge on DNSSEC is
very limited so hope you guys/gals can help me out.
We use PowerDNS as our Authorative DNS and everything is configured
here. We use PowerDNS-Admin
[https://github.com/ngoduykhanh/PowerDNS-Admin] as our GUI.
I have our primary domain: domain.com and it is split up into several
sub-domain zones for ease of management.
Eg:
Zone1 - domain.com
Zone2 - sub1.domain.com
Zone3 - sub2.domain.com
Q1) If I enable DNSSEC between Zone1 above and domain registrar, would
zones 2 and 3 stop functioning?
They will keep working, but in insecure mode, as long as there is a
correct delegation (NS records for Zone2 and Zone3) in Zone1.
Q2) How do I enable DNSSEC on sub zones?
For Zone1, you presumably enabled DNSSEC in your Admin and then sent the
DNSKEY or DS to the parent operator (.com), who then puts a DS in that
parent zone. For Zone2 and Zone3, you are the parent operator, so enable
DNSSEC, and then put the DS records in Zone1.
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
_______________________________________________
Pdns-users mailing list
Pdns-users@mailman.powerdns.com
https://mailman.powerdns.com/mailman/listinfo/pdns-users
