[Pdns-users] pdns/gmysql/slave for signed zone: records being mangled

Marco Davids (Prive) mdavids at forfun.net
Wed Jan 26 06:55:13 UTC 2011


 Op 25-01-11 09:33, Mark Huizer schreef:
> A slave server should do nothing but just serving the records, right?

Wrong.

A slave name server should really be DNSSEC aware, in order to be able
to include the appropiate DNSSEC records (RRSIG, DNSKEY, DS, NSEC and
NSEC3) from resolvers that have signaled their willingness to receive
such records via the use of the DO bit in the EDNS header (as per
RFC4033, par. 9).

Regards,

-- 
Marco Davids

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20110126/dc28e900/attachment-0001.html>


More information about the Pdns-users mailing list