[Opendnssec-user] Parent and child on same NS?
Rick van Rein
rick at openfortress.nl
Mon Sep 17 14:12:52 UTC 2012
Hello,
Is it correct that a signed parent and signed child zone can never
share the same name server? For instance, the same secondary?
The zone apex usually carries:
- on the parent: NS, DS, each with an RRSIG
- on the child: NS, SOA, DNSKEY, NSEC3PARAM, misc, each with an RRSIG
My only concern could be with NSEC3 records, but these are spooned out
for the appropriate zone that misses the entry requested, so even here
I would not expect damage.
Am I overlooking anything here?
Cheers,
-Rick
More information about the Opendnssec-user
mailing list