In message 15aeacf110417c4b9d6186fe81fbf2d9091e0...@hq-mbx-03.ba.ad.ssa.gov,
Khuu, Linh MicroTech writes:
Hi,
I have question about the DNSSEC NS record.
We have the parent zone, for example, example.net being signed with DNSSEC.
We have a child zone test.example.net delegating to glbl.example.net as NS
record. glbl.example.net is not a DNSSEC. Will nslookup for anything in te
st.example.net fail?
No. The servers for a signed zone need to be DNSSEC aware. The
servers for a unsigned zone do not need to be DNSSEC aware. As
test.example.net is unsigned the servers for it do not need to be
DNSSEC aware.
Mark
Linh Khuu
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users