On Apr 24, 2014, at 11:01 AM, Tony Finch <d...@dotat.at> wrote:

> r...@iastate.edu <r...@iastate.edu> wrote:
>
>> If we implement DNSSEC for iastate.edu, admin.iastate.edu and
>> its.iastate.edu, must DNSSEC be implemented for the delegated zones as
>> well?
>
> No, in exactly the same way that signing .edu does not mean iastate.edu
> has to be signed. If there are no DS records at the delegation point for
> cs.iastate.edu that means that cs.iastate.edu is insecure.
>
> Tony.
> --
> f.anthony.n.finch <d...@dotat.at> http://dotat.at/
> South Biscay: Easterly 4 or 5, veering westerly 5 to 7. Rough. Rain or
> showers. Good, occasionally poor.

I knew that, but I started to doubt what I knew. Thanks for the confirmation and setting my mind at ease.

--
Rod Eldridge
Network Infrastructure, Authentication, & Directory Services Team
Mac OS X Development Team
IT Services, Iowa State University of Science and Technology
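
Added example, not part of the original thread and not BIND code: a small audit that reads a parent zone fragment and reports each delegation as secure or insecure depending on whether a DS RRset sits at the delegation point. The zone contents, the helper names, and the assumption that admin and its are delegated children with DS records are constructed for illustration; the parser assumes one record per line with fully qualified owner names.

```python
# Constructed fragment of a hypothetical signed iastate.edu parent zone.
# Key tags, digests, key data and addresses are made up for illustration.
SAMPLE_ZONE = """\
iastate.edu.        3600 IN SOA    ns1.iastate.edu. hostmaster.iastate.edu. 1 7200 900 1209600 3600
iastate.edu.        3600 IN NS     ns1.iastate.edu.
iastate.edu.        3600 IN DNSKEY 257 3 8 AwEAAbConstructedKeyData
admin.iastate.edu.  3600 IN NS     ns1.admin.iastate.edu.
admin.iastate.edu.  3600 IN DS     11111 8 2 0A1B2C3D   ; constructed digest
its.iastate.edu.    3600 IN NS     ns1.its.iastate.edu.
its.iastate.edu.    3600 IN DS     22222 8 2 4E5F6A7B   ; constructed digest
cs.iastate.edu.     3600 IN NS     ns1.cs.iastate.edu.
ns1.cs.iastate.edu. 3600 IN A      192.0.2.53           ; glue, not a delegation
"""


def parse_records(zone_text):
    """Yield (owner, rrtype) from 'owner ttl class type rdata' lines."""
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 5:
            raise ValueError(f"unsupported record line: {line!r}")
        yield fields[0].lower(), fields[3].upper()


def classify_delegations(zone_text, origin):
    """Map each delegation point below `origin` to 'secure' or 'insecure'."""
    origin = origin.lower()
    types_at = {}
    for owner, rrtype in parse_records(zone_text):
        types_at.setdefault(owner, set()).add(rrtype)

    result = {}
    for owner, types in types_at.items():
        # A delegation point is an NS RRset below the apex; the apex NS
        # RRset belongs to the zone itself and is not a delegation.
        is_below_apex = owner != origin and owner.endswith("." + origin)
        if is_below_apex and "NS" in types:
            # DS present: chain of trust continues into the child zone.
            # DS absent: the child is insecure, even under a signed parent.
            result[owner] = "secure" if "DS" in types else "insecure"
    return result


if __name__ == "__main__":
    for name, state in sorted(classify_delegations(SAMPLE_ZONE, "iastate.edu.").items()):
        print(f"{name:22} {state}")
```

Against a live zone, the same answer comes from a DS query to the parent's servers: a validator treats the child as insecure only when the signed parent proves that no DS exists at the delegation point.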