DNSSEC NS record delegation

2009-07-28 Thread Khuu, Linh MicroTech 
Hi,

I have question about the DNSSEC NS record.

We have the parent zone, for example, example.net being signed with DNSSEC. We 
have a child zone test.example.net delegating to glbl.example.net as NS record. 
glbl.example.net is not a DNSSEC. Will nslookup for anything in 
test.example.net fail?

Linh Khuu 



PGP.sig
Description: PGP signature
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: DNSSEC NS record delegation

2009-07-28 Thread Mark Andrews 

In message 15aeacf110417c4b9d6186fe81fbf2d9091e0...@hq-mbx-03.ba.ad.ssa.gov, 
Khuu, Linh MicroTech writes:
 
 Hi,
 
 I have question about the DNSSEC NS record.
 
 We have the parent zone, for example, example.net being signed with DNSSEC.
  We have a child zone test.example.net delegating to glbl.example.net as NS
  record. glbl.example.net is not a DNSSEC. Will nslookup for anything in te
 st.example.net fail?

No.  The servers for a signed zone need to be DNSSEC aware.  The
servers for a unsigned zone do not need to be DNSSEC aware.  As
test.example.net is unsigned the servers for it do not need to be
DNSSEC aware.

Mark
 
 Linh Khuu


-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
___
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users