In message <ce9bf7140907072142h7f279c85ub23f9777e3670...@mail.gmail.com>, =?ISO -8859-1?Q?Eduardo_J=FAnior?= writes: > Hi, > > > I want test dnssec in the closed environment and controled to get some > information. > > it's possible configure dnssec only between 2 name servers, first is > the authoritative and second is the recurisve? The authoritative name > server would have zones signed and the recursive will do querys and > validation.
Yes. > It's enough put in my named.conf of the recursive name server the > public key (trusted keys) of a zone signed in authoritative name > server? And using dig (properly compiled and configured) makes > requests to recursive and validation occurs correctly? > > Any reference? Just do it. This is a basic island of trust setup. > Thanks in advance, > > -- = > > Eduardo J=FAnior > GNU/Linux user #423272 > > :wq > _______________________________________________ > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users