Hello, Is it correct that a signed parent and signed child zone can never share the same name server? For instance, the same secondary?
The zone apex usually carries: - on the parent: NS, DS, each with an RRSIG - on the child: NS, SOA, DNSKEY, NSEC3PARAM, misc, each with an RRSIG My only concern could be with NSEC3 records, but these are spooned out for the appropriate zone that misses the entry requested, so even here I would not expect damage. Am I overlooking anything here? Cheers, -Rick _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
