> > My name is Kevin and I'm working with the Argentina ccTLD team to upgrade > our local NS systems and our goal is to load the .ar, .com.ar and > subsequent zones using DLZ. Our other task was to deploy DNSSEC here and > start signing our TLDs, but according to the e-mails I've read (dated > 2006 mostly) it's not very clear if it's already been possible (it's been > 4 years since those e-mails were written).
As far as I know, DLZ has not yet been taught to understand DNSSEC. I haven't confirmed this personally, but I'll hazard a guess based on what I've seen of the code. DLZ might be able to provide normal answers and RRSIGs when the name exists, but for NXDOMAIN and NOERROR/NODATA answers, I wouldn't expect it to provide NSEC records correctly in all cases, and I'm sure it would fail with NSEC3. If you're planning to use this for a hidden zone master or some such, where it would only be answering AXFRs, I think it could probably do that. Incidentally, BIND 10 can serve authoritative data from a database back-end; it currently supports SQLite3 and we're planning to add a MySQL data source driver. But it won't be ready for production use for another year or so. -- Evan Hunt -- [email protected] Internet Systems Consortium, Inc. _______________________________________________ bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users

