[Pdns-users] DNSSEC + Split DNS

[rob777]

Hi

I have a Split DNS configuration:


*Internal DNS*
- I have an internal Setup of Powerdns Authoritative and Powerdns Recursor
- On the Powerdns Authorititative internal i have several internal only
domains like bla.test.com, bli.test.com etc. (configured via forward-zone)
- These internal Domains do not have dnssec configured
- My internal Servers and clients use the Powerdns Recursor to resolve
internal names via forward-zone and external Names via Recurso
(dnssec=validate active)


*External DNS*
- AWS R53 hosted Public Zone test.com
- DNSSEC is currently not enabled
- In the external test.com i have because of historical reasons some 2-3
shadow records (records which are also configured in the internal Zone on
Powerdns Authoritative with an internal IP...)

I'm planning to enable DNSSEC for the external test.com Zone (but for now
not on the internal Subdomains bla.test.com,bli.test.com etc. on the
internal Powerdns Authoritative).

I'm starting to believe that i will create a mess with enabling DNSSEC on
the external test.com side...i know that Split DNS is not optimal per se.

Do i create a mess with this planned DNSSEC enabling on the external
test.com DNS Zone?

Thanks for any advice
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.powerdns.com/pipermail/pdns-users/attachments/20260409/4c0f2a0d/attachment.htm>