[Opendnssec-user] Parent and child on same NS?

Rick van Rein rick at openfortress.nl
Mon Sep 17 14:12:52 UTC 2012


Hello,

Is it correct that a signed parent and signed child zone can never
share the same name server?  For instance, the same secondary?

The zone apex usually carries:
 - on the parent: NS, DS, each with an RRSIG
 - on the child:  NS, SOA, DNSKEY, NSEC3PARAM, misc, each with an RRSIG

My only concern could be with NSEC3 records, but these are spooned out
for the appropriate zone that misses the entry requested, so even here
I would not expect damage.

Am I overlooking anything here?


Cheers,
 -Rick



More information about the Opendnssec-user mailing list