[Opendnssec-user] Question involving DS Records
newman-andy at yale.edu
Wed Nov 29 20:04:08 UTC 2017
I apologize if this is a bit naive but I have a question involving enabling DNSSEC for a very large a complex DNS structure. Right now I have hundreds of subdomains and thousands of resource records. The current structure has one zone per subdomain. I realize that this makes DNSSEC substantially more complex.
My question is whether there is a way to tell OpenDNSSEC that a series of zones are, in fact, "subzones" of a parent zone. My particular problem is that it doesn't appear that OpenDNSSEC automates the creation of DS records. Is there a way to? Today I am using a locally written script to update the unsigned parent zone(s) with DS records associated with the KSK of each subzone. Is there a better way to do this?
Andy Newman / newman-andy at yale.edu
Director, Infrastructure Design Services & Enterprise Architect
Yale University Information Technology Services
25 Science Park, 4th Floor
150 Munson St., New Haven, CT 06520
Phone: (203) 432-6696 / Fax: (203) 436-4067 / Cell: (203) 980-0031
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Opendnssec-user