What is the recommended practice for adding DNSSEC to an environment that currently uses split DNS?
Apologies as I'm sure this has come up before, but most discussion I found on bind-users was from 1999, and this isn't covered in the ARM. I did find this draft (not RFC) from 2007, but even the author acknowledges that some examples given can invite misconfiguration: http://tools.ietf.org/html/draft-krishnaswamy-dnsop-dnssec-split-view-04 On the surface, split DNS and DNSSEC have seemingly opposite goals: One seeks to provide different responses to queries for the same resource, and the other seeks to prevent it. Is there some way of reconciling these? Thanks dn _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
