r...@iastate.edu <r...@iastate.edu> wrote: > If we implement DNSSEC for iastate.edu, admin.iastate.edu and > its.iastate.edu, must DNSSEC be implemented for the delegated zones as > well?
No, in exactly the same way that signing .edu does not mean iastate.edu has to be signed. If there are no DS records at the delegation point for cs.iastate.edu that means that cs.iastate.edu is insecure. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ South Biscay: Easterly 4 or 5, veering westerly 5 to 7. Rough. Rain or showers. Good, occasionally poor. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
