[Pdns-users] Impact of DNSSEC with Sub Domain Zones
Peter van Dijk
peter.van.dijk at powerdns.com
Tue Feb 26 17:00:51 UTC 2019
Hello
On 26 Feb 2019, at 5:43, Asanka Gunasekara wrote:
> I'm sure this is a pretty dumb question but my knowledge on DNSSEC is
> very limited so hope you guys/gals can help me out.
>
> We use PowerDNS as our Authorative DNS and everything is configured
> here. We use PowerDNS-Admin
> [https://github.com/ngoduykhanh/PowerDNS-Admin] as our GUI.
>
> I have our primary domain: domain.com and it is split up into several
> sub-domain zones for ease of management.
> Eg:
> Zone1 - domain.com
> Zone2 - sub1.domain.com
> Zone3 - sub2.domain.com
>
> Q1) If I enable DNSSEC between Zone1 above and domain registrar, would
> zones 2 and 3 stop functioning?
They will keep working, but in insecure mode, as long as there is a
correct delegation (NS records for Zone2 and Zone3) in Zone1.
> Q2) How do I enable DNSSEC on sub zones?
For Zone1, you presumably enabled DNSSEC in your Admin and then sent the
DNSKEY or DS to the parent operator (.com), who then puts a DS in that
parent zone. For Zone2 and Zone3, you are the parent operator, so enable
DNSSEC, and then put the DS records in Zone1.
Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/
More information about the Pdns-users
mailing list