Gaurav Kansal <[email protected]> wrote: > DNSSEC is done on Authoritative side.
Signing is done on authority servers. It's straightforward with inline-signing mode, or if you maintain your zone with dynamic updates. > Caching DNS only check whether that particular domain is signed or not, > only if that caching DNS is designed to do so. Validation is done on caches. In my experience validation is a pretty untroublesome feature to enable, provided you aren't completely hammering your name servers. Tony. -- f.anthony.n.finch <[email protected]> http://dotat.at/ Hebrides: Northeasterly 4 or 5, increasing 5 to 7 except in northwest. Moderate. Showers. Good. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list [email protected] https://lists.isc.org/mailman/listinfo/bind-users
