[Pdns-users] PDNS for a TLD...

Peter van Dijk peter.van.dijk at netherlabs.nl
Mon Oct 13 06:57:23 UTC 2014


On 13 Oct 2014, at 7:51 , Rob <roblocke at gmail.com> wrote:

> > So in "untechnical","policywise" language: 
> > do you need to delegate authority ...? 
> > If not, then maybe keep it simple (whichever method that is). 
> In some cases, we’ll be delegating authority, so we'll simply have the domain NS records in the foo zone, nothing else. 
> In other cases, customers will be using our nameservers, so we’ll have the SOA/NS records in the domain zone.  But do we need any records in the foo zone in that scenario? 

If ‘foo’ and ‘bar.foo’ are separate zones on the same name server, you need SOA+NS in ‘bar.foo’ *and* NS in ‘foo’. Without DNSSEC, you can get away without NS in ‘foo’, but as soon as ‘foo’ is DNSSEC signed, you need the NS records so that DNSSEC can do an (in)secure proof on the delegation.

Kind regards,
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
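
Added example, not part of the original message and not PowerDNS code: a small audit of the rule in the reply above, run over constructed zone data for one name server. The `ZONES` layout, the zone `baz.foo` and the function names are assumptions made for illustration.

```python
# Constructed sample data: zones hosted on one authoritative server.
# "records" maps an owner name to the set of record types present there.
ZONES = {
    "foo": {
        "signed": True,
        "records": {
            "foo": {"SOA", "NS", "DNSKEY"},
            "bar.foo": {"NS"},  # delegation to the child zone is present
        },
    },
    "bar.foo": {"signed": False, "records": {"bar.foo": {"SOA", "NS"}}},
    # Hypothetical child zone whose delegation was never added to 'foo'.
    "baz.foo": {"signed": False, "records": {"baz.foo": {"SOA", "NS"}}},
}


def parent_zone(name, zones):
    """Return the closest enclosing zone hosted on this server, or None."""
    labels = name.split(".")
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate
    return None


def check_delegations(zones):
    """Return (zone, severity, message) findings for the SOA+NS / NS rule."""
    findings = []
    for child, data in sorted(zones.items()):
        apex = data["records"].get(child, set())
        if not {"SOA", "NS"} <= apex:
            findings.append((child, "error", "apex lacks SOA+NS"))
        parent = parent_zone(child, zones)
        if parent is None:
            continue  # top-most zone on this server, nothing to compare
        cut = zones[parent]["records"].get(child, set())
        if "NS" not in cut:
            # A signed parent needs the NS set at the cut for the
            # (in)secure delegation proof; unsigned, it only warns.
            severity = "error" if zones[parent]["signed"] else "warning"
            findings.append(
                (child, severity, f"no NS for {child} in parent zone {parent}")
            )
    return findings


if __name__ == "__main__":
    for finding in check_delegations(ZONES):
        print(*finding, sep=": ")
```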
