On 09/08/2018 07:58 AM, @lbutlr wrote:
what do I need to do for other DNS servers?
I don't think you need to do anything special.The zone signatures come form and are managed by the master name server. The secondary name server(s) is (are) just additional servers with copies of the zone.
You /might/ want to look at something to ensure that the zone is not corrupted during the typical slave process. (New mirror zones come to mind, but I don't know enough about them.)
I know that I've been running DNSSEC on my zones for years and have never done anything special on the slave DNS servers. Some of which are even hosted by other companies that I wouldn't give any DNSSEC keying material to. (Besides, they don't offer anything like that.)
-- Grant. . . . unix || die
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users