[Dnsmasq-discuss] DNSSEC: Answer for local hosts with AD flag set?
Tomas Hozza
thozza at redhat.com
Mon Oct 12 09:30:07 BST 2015
On 05.10.2015 12:31, Ernst Ahlers wrote:
>> You can have a local zone with local data also in Unbound.
>
> Sure, but also signed with DNSSEC?
No, it can not. Unbound can not sign the records. It may be
possible to serve serve already signed zone, but I never
experimented with this.
I agree with the later response that if you want signing, it
may be better to use BIND. It can do the signing for you
automatically on-the-fly and also do the management of keys
(rollover) based on validity of the keys. Making such setup
with BIND is super easy.
Regards,
--
Tomas Hozza
Software Engineer - EMEA ENG Developer Experience
PGP: 1D9F3C2D
UTC+2 (CEST)
Red Hat Inc. http://cz.redhat.com
More information about the Dnsmasq-discuss
mailing list