Re: dnssec subzone not signed question

2010-12-22 Thread Alan Clegg
On 12/22/2010 6:49 PM, jim wrote:
> Sorry, still needing spoon fed.
No problem. You might be interested in a presentation that I gave at NANOG earlier in the year: ftp://ftp.isc.org/isc/pubs/pres/NANOG/50/DNSSEC-NANOG50.pdf
> When you say DS record in the parent, would this be .example.edu
>

Re: dnssec subzone not signed question

2010-12-22 Thread jim
Hi Alan,
Sorry, still needing spoon fed. When you say DS record in the parent, would this be .example.edu or my parent .edu? The end result is to get example.edu as a dnssec secured zone by getting a DS record in .edu. So it sounds like when I do upload the example.edu DS record to .edu, my subdomain

Re: dnssec subzone not signed question

2010-12-22 Thread Alan Clegg
> Showing my ignorance, can I
> Just not sign the dynamic subzones, wirelessN/buildingN.example.edu
> , even though example.edu
> is signed?
Sure. As long as you don't put a DS record in the parent, you most certainly don't HAVE to sign the chi

dnssec subzone not signed question

2010-12-22 Thread jim
Greetings, Thanks to all for the excellent information on the list and taking the time to reply. Upgrading server hardware, RedHat SELinux, bind, dhcp and going for dnssec on these new machines. Getting close but still some basic questions before going to a production island of security. Signed