DNSSEC and Geodns
Jeffrey Ollie
jeff at ocjtech.us
Sat Nov 21 04:28:29 UTC 2009
On Fri, Nov 20, 2009 at 10:09 PM, Mike McGrath <mmcgrath at redhat.com> wrote:
>
> So, for example 'fedoraproject.org' wouldn't be signed, but
> 'us.fedoraproject.org' would be? I *think* that's possible but I haven't
> gotten it to work. If I can get that to work though I guess that makes
> sense because A) it'd work for now and B) I'm sure over time pdns's dnssec
> will continue to mature.
No, that wouldn't really work, because then you couldn't trust lookups
from the fedoraproject.org zone, which would include delegations to
the subdomains, the main website itself, MX records, etc.
--
Jeff Ollie
More information about the Fedora-infrastructure-list
mailing list